Documentation for: ASP.NET Ajax Version 1.0

This documentation is for a previous version. For the current released version, see the ASP.NET Ajax documentation on MSDN.








Skip Navigation Links.
Sample ASP.NET AJAX Application
ASP.NET AJAX and JavaScript
Extending JavaScript with ASP.NET AJAX
Creating Custom Client Script in ASP.NET AJAX
Dynamically Assigning ASP.NET AJAX Script References
Globalizing a Date by Using Client Script
Embedding a JavaScript File as a Resource in an Assembly
Embedding Localized Resources for a JavaScript File
Adding Localized Resources to a JavaScript File
Creating Custom Client Events
The UpdatePanel Control
Introduction to the UpdatePanel Control
Creating a Simple ASP.NET Page with Multiple UpdatePanel Controls
Using the UpdatePanel Control with Data-Bound Controls
Using the UpdatePanel Control with Master Pages
Using the UpdatePanel Control with User Controls
Using the UpdatePanel Control with a Web Service
Customizing Error Handling for UpdatePanel Controls
Animating UpdatePanel Controls
Canceling an Asynchronous Postback
Giving Precedence to a Specific Asynchronous Postback
Working with PageRequestManager Events
The UpdateProgress Control
Introduction to the UpdateProgress Control
Programming UpdateProgress Controls in Client Script
The Timer Control
Introduction to the Timer Control
Using the Timer Control with Multiple UpdatePanel Controls
ASP.NET Application Services
Using Forms Authentication
Using Profile Information
Web Services
Exposing Web Services to Client Script
Calling Web Services from Client Script
ASP.NET AJAX Extensibility
Creating Custom ASP.NET AJAX Non-Visual Client Components
Creating Custom ASP.NET AJAX Client Controls
Creating an Extender Control
Adding Client Capabilities to a Web Server Control
Creating a Client Component Class Using the Prototype Model
Defining Custom Component Properties and Raising PropertyChanged Events
Releasing Component Resources

Using Forms Authentication with ASP.NET AJAX


You can use the Microsoft AJAX Library authentication service to verify credentials that are stored as part of the ASP.NET membership application service. You can access the authentication service from client script by using the AuthenticationService class, which supports the following methods:

  • login. This method validates the user credentials by using the default membership provider. If the credentials are verified, the method sends a forms authentication cookie to the browser. Most ASP.NET AJAX applications will use the login¬†method, because forms-authenticated applications require an authentication cookie in the browser.

  • logout. This method clears the forms authentication cookie.

This topic shows an example on how to call the ASP.NET authentication service from the browser by using JavaScript.

Configuring the Server

The server provides the infrastructure to process the identification credentials such as name and password from a user, and to validate those credentials. The forms authentication feature in ASP.NET AJAX enables you to authenticate the user's login name and password users by using a login form. If the application authenticates the request, the server issues a ticket that contains a key for reestablishing the user identity in subsequent requests.

The AuthenticationService class provides the JavaScript proxy class that you call from client script to communicate with the authentication service on the server.


You can create your own server authentication service. For more information, see AuthenticationServiceManager.

To support authentication in client script, the server must be configured as described in the following sections.

For more information about authentication in ASP.NET, see How ASP.NET Security Works and Managing Users by Using Membership.

Enabling the Authentication Service

To use the authentication service from client script, you must explicitly enable the authentication service by using the following element in the application's Web.config file:

      <authenticationService enabled="true" />

For more information, see Configuring ASP.NET AJAX.

The authentication service requires forms authentication to be enabled. The following example shows how to enable forms authentication in the application's Web.config file.

  <authentication mode="Forms">
    <forms cookieless="UseCookies" 

The browser must have cookies enabled. The authentication service uses a cookie for the authentication ticket that reestablishes the user's identity during subsequent requests.

Configuring Access to the Membership Database

By default, ASP.NET uses a SQL Server Express database to store membership information. The connection string for the database is defined in the Machine.config file and resembles the following:

  <add name="LocalSqlServer" 
  connectionString="data source=.\SQLEXPRESS;Integrated Security=SSPI;
User Instance=true" providerName="System.Data.SqlClient" />

If you are using a different database for membership information, you can create a <connectionStrings> element in the application Web.config file that points to that database. For more information, see Configuring an ASP.NET Application to Use Membership.

Creating a Restricted Folder

If you want to limit access to information so that only logged-in users can access it, you create a restricted area of the site. This is typically a folder under the application root. To limit access to the restricted folder, you create a Web.config file in the restricted folder and add an <authorization> section to it. The following example shows the contents of a Web.config file that restricts access to only authenticated users.

<?xml version="1.0"?>
    <authorization>      <deny users="?"/>      <allow users="*"/>    </authorization>


The following example shows an ASP.NET Web page that authenticates the user by using client script. The example requires that you have configured the server as described earlier in this topic. The name of the restricted folder is assumed to be Secured.

The page contains an <asp:ScriptManager> element. When this element is included on the page, the AuthenticationService object is automatically available to any client script on the page.

The page has a button with an associated event handler named OnClickLogin. Code in the method handler calls the login method of the AuthenticationService class.

After you are logged in, the button text changes and the text at the top of the page changes to indicate your logged-in status. Click the link at the bottom of the page to move to a page located in the Secured folder. Because you are now logged in, you can access pages in this folder without being redirected to the login page.

On the sample page, you can click a button to log out. This calls the OnClickLogout button event handler, which calls the logout method. After you have logged out, the text at the top of the page changes. If you try to access the page in the secured folder, you will be redirected to the login page, because your browser no longer has a forms authentication cookie.

The example code provides asynchronous completed callback functions for the login and logout methods. You can also create failure callback functions for both methods. For more information, see the example provided in the AuthenticationService class overview.