30.3. User Authentication
In some organizations it would be possible to use Windows authentication for all user validation. Unfortunately, in many cases this is not possible, and application developers have to come up with their own solutions for determining which users should be able to access a system. This process is loosely referred to as forms-based authentication, as it typically requires the provision of a username and password combination via a login form of some description. Both ASP.NET Application Services and the client application services support forms-based authentication as an alternative to Windows authentication.
To begin with, you will need to enable the membership management service for access by the client application services. Adding the <authenticationService> element to the <system.web.extensions> element in the web.config file will do this. Note that we have disabled the SSL requirement, which is clearly against all security best practices and not recommended for production systems.
<system.web.extensions>
<scripting>
<webServices>
<authenticationService enabled="true" requireSSL="false"/>
<roleService enabled="true"/>
The next step is to create a custom membership provider that will determine whether a specific username and password combination is valid for the application. To do this, add a new class, CustomAuthentication, to the ApplicationServices application and set it to inherit from the MembershipProvider class. As with the role provider we created ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access