As advised in the official materials, we've first specified three default callback functions for the subsequent authentication service. Next, we call Sys.Services.AuthenticationService.login to try to log into the system using the passed parameters. The following shows the detailed signature for the Sys.Services.AuthenticationService.login method.
Sys.Services.AuthenticationService.login(userName, password,
isPersistent, customInfo, redirectUrl,
loginCompletedCallback, failedCallback, userContext);
Since the parameters are self-explanatory and the online materials have provided detailed information, we will not spend any more time on this. From the above code listing, however, you can easily singled out the most interesting and important parameter-loginCompletedCallback, which is a pointer attached to the callback function that is invoked when the login completes. Here is its related code:
function OnLoginCompleted(validCredentials,userContext,
methodName)
{
if (validCredentials == true)
{
$get('loggingInMsg').style.visibility = "visible";
$get('loginFailureMsg').style.visibility = "hidden";
$get('buttonLogin').style.visibility = "hidden";
$get('buttonLogout').style.visibility = "visible";
$get("backhome").style.visibility = "visible";
$get("logoutOK").style.visibility = "hidden";
//window.setTimeout("window.location.href('default.aspx')",
2000);
}
else{
$get('loggingInMsg').style.visibility = "hidden";
$get('loginFailureMsg').style.visibility = "visible";
$get('buttonLogin').style.visibility = "visible";
$get('buttonLogout').style.visibility = "hidden";
$get("backhome").style.visibility = "visible";
$get("logoutOK").style.visibility = "hidden";
}
}
Apparently, when the calling succeeds we give the user two choices: going back to the homepage, or logging out of the system by clicking the Logout button. Of course, you can uncomment the above line "window.setTimeout..." to navigate the valid user to the homepage. You see, all of the underground work has been hidden by the developers by leveraging merely one static class: Sys.Services.AuthenticationService. However, from the client-side JavaScript, with this class we can easily achieve the aim of authentication using the standard ASP.NET 2.0 membership application service.
There is also one point here worth noticing. Unlike the early Atlas July Preview in which there was another method - validateUser provided by Sys.Services.AuthenticationService -- for the developers themselves to validate the user (establishing their identity and permissions), in the present ASP.NET AJAX 1.0 method, validateUser is removed, letting the system or elsewhere perform these tasks. This is comprehensible because safety is always the most important task in real applications.
As with the traditional ASP.NET 2.0, to enable the login functionality and forms authentication there is a lot of other work to do, such as enabling the Authentication Service via web.config, making sure the browser has cookies enabled, configuring access to the Membership database via machine.config file, and creating roles, their related users and specifying their accessing rules via the ASP.NET Web Site Administration tool. However, to make a long story short, we omit all of these things but recommend you research carefully into the web.config file accompanying the source code, as well as refer to the online tutorial titled "Using Forms Authentication with ASP.NET AJAX."
Next: Registration >>
More ASP.NET Articles
More By Xianzhong Zhu
