Server Authentication on Desktop Application using Client Application Services

Client application services (.NET 3.5) make it easy for you to create Windows-based applications that use the ASP.NET AJAX login, roles, and profile application services included in the Microsoft ASP.NET 2.0 AJAX Extensions. These services enable multiple Web and Windows-based applications to share user information and user-management functionality from a single server. For example, you can use these services to perform the following tasks:

  • Authenticate a user. You can use the authentication service to verify a user’s identity.

  • Determine the role or roles of an authenticated user. You can use the roles service to change the user interface of your application depending on the user’s role. For example, you can provide additional features for users who are in an administrator role.

  • Store and access per-user application settings located on the server. You can use the Web settings service (also known as the profile service) to share settings across multiple applications and locations.

Client application services take advantage of the Web services extensibility model through client service providers that you can specify in your application configuration files. These service providers include offline functionality that uses a local cache for authentication, roles, and settings data when a network connection is unavailable.

Sample: Using WCF, ASP.NET Client application services to authenticate a user on a desktop windows application.



Accessing ASP.NET Session, Request, Response (HttpContext / HttpApplication) in WCF


WCF services are designed to be transport independent. Even when they are hosted inside ASP.NET applications, the decoupling of the relationship to the HTTP-flavored features is required so that users are not confused. Also most of those ASP.NET features have counterparts in WCF. Nevertheless, WCF provides a mechanism to support smooth migration from ASMX to WCF by introducing two different hosting modes for WCF services:

  • Mixed Transports Mode
  • ASP.NET compatibility mode

This is controlled by the application-level configuration flag “aspNetCompatibilityEnabled”:


<serviceHostingEnvironment aspNetCompatibilityEnabled=”true”/>


This flag is false by default.

Details from Wenlong Dong’s Blog : ASP.NET Compatibility Mode

Step by Step on creating Nested Master Page from an existing CSS template

The following CSS template can be found here:

2-Columns Layout



1-Column Layout


Contact Us Layout


For ASP.NET Design Templates Starter Kit that are using Master Pages but not the new Nested Master Pages feature found in VS2008 go here.

Also check this out…another article on how to take the CSS Design templates and modify them to use ASP.NET 2.0 features and customize it.

Via VS 2008 Nested Master Page Support – ScottGu’s Blog

ASP.NET 2.0 Membership, Roles, Forms Authentication, and Security Resources – ScottGu’s Blog

The following is excerpt from ScottGu’s Blog:

Getting Started with ASP.NET 2.0 Membership, Roles and Forms Authentication Video

Watch this great online video. It walks through how to add Forms Authentication (using the <asp:login> control) with a secure Membership Credential Store + Role Based Security to a site, then implement pages that enable Registration (using the <asp:createuserwizard> control) + Change Password (using the <asp:changepassword> control) + Reset Password (using the <asp:recoverypassword> control), and then authorize page access and hide menu navigation links using the role groupings of the authenticated user. The video shows how to-do all of this from scratch in only 17 minutes. You can watch it here. You can also find other great ASP.NET “how to” videos here.

ASP.NET 2.0 Membership and Role Management Overview Articles

Here are a few good tutorial articles that provide a good conceptual overview of how the new membership and role management system works.

Scott Mitchell’s: Examining ASP.NET 2.0’s Membership, Roles and Profile (Part 1)

Scott Mitchell’s: Examining ASP.NET 2.0’s Membership, Roles and Profile (Part 2)

Scott Mitchell’s: Examining ASP.NET 2.0’s Membership, Roles and Profile (Part 3)

Scott Mitchell’s: Examining ASP.NET 2.0’s Membership, Roles and Profile (Part 4)

Scott Mitchell’s: Examining ASP.NET 2.0’s Membership, Roles and Profile (Part 5)

MSDN: Explained: Forms Authentication in ASP.NET 2.0

MSDN: Explained: Windows Authentication in ASP.NET 2.0

Scott Allen’s: Membership Providers (Part 1)

Scott Allen’s: Role Providers (Part 2)

ASP.NET 2.0 Security, Membership and Role Management Book

Stefan Schackow is the ASP.NET Team technical expert and feature-owner for a lot of the core sub-systems in ASP.NET, and he owned the security, membership and role management features for ASP.NET 2.0. He has recently published an awesome book on ASP.NET Security, Membership and Roles that you can buy for $26 on Amazon here.

You can read two big recommendations of it from ASP.NET MVPs here: Dave Sussman and Christoph Wille I highly recommend getting a copy.

Setting up Membership + Roles on a SQL 2000 or SQL 2005 Server

By default ASP.NET 2.0 auto-creates and uses a SQL Express database to store Membership, Roles and Profile data. If you want to instead use a SQL 2000 or SQL 2005 database, you can easily learn how to configure it using this blog post of mine.

Don’t forget to always set the “applicationName” attribute when configuring ASP.NET Membership, Roles, Profile and other providers.

One common issue people forget to-do when registering membership and other providers is to configure the “applicationName” attribute on the provider declaration.  This can prevent logins from seeming to work when you copy an application to another machine.  This blog post covers this scenario more and how to fix it.

Custom Membership and Roles Providers

ASP.NET 2.0 ships with built-in SQL Server, SQL Express and Active Directory Membership and Role Providers.  The source code for these built-in providers can now be downloaded from here.

The nice thing about the system is that it is entirely extensible, which means you can create and configure your own custom credential/role stores into the system as well (either using the source code from the built-in providers, or just by extending the provider contract).

The ASP.NET Provider Toolkit Site provides tons of content on how to create and build your own providers (including Membership and Role Providers). It also has a link to a fully functional Membership and Role Provider that works with Access databases.  This article also discusses how to build your own Membership Provider, and can be a useful guide to integrating the membership APIs with your own existing database.

Here is a list of other free custom Membership and Roles providers (with complete source code) that I know of on the web:

You can download and configure your application to use any of the above providers.  The beauty of the system is that the Membership, Roles APIs + Login Controls don’t change at all. 

Storing Custom Properties about a User during Registration

One very common question I see asked a lot is how to store custom properties about a new user as they register on the system (example: zip code, gender, etc). The good news is that it is easy to-do this with the new ASP.NET Profile System and the built-in <asp:createuserwizard> control.

I have a sample here that shows how to build a registration system for a site with Membership, Login, Registration, Password Recovery, Change Password, Custom Properties and Roles support – all in 24 lines of code.  If you want, you can combine this with the new SQLTableProvider for the Profile system for greater control over your profile database schema. You can learn about that in my blog post here.

Remote Server Administration Tool Mangement of Membership/Roles

The built-in Web Administration Tool with Visual Web Developer and VS 2005 makes it easy to manage the users and roles for a local ASP.NET application. One common question I get asked is how to manage these users/roles against a remote server (for example: an application running on a remote hoster.  This blog post of mine points to two different solutions you can use to enable this.

Via ASP.NET 2.0 Membership, Roles, Forms Authentication, and Security Resources – ScottGu’s Blog

SQL# (SQLsharp) – Enabling more powerful SQL



  • String: Contains, Count, Cut, EndsWith, Equals, IndexOf, InitCap, Join, LastIndexOf, Newline, NthIndexOf, PadLeft, PadRight, Split, SplitIntoFields, StartsWith, Trim, WordWrap
  • RegEx: IsMatch, Matches, Match, MatchLength, MatchSimple, Replace, Split
  • Math: CompoundAmortizationSchedule, Constant (30 physics constants), Convert (22 measurement conversions), Cosh, Factorial, IsPrime, RandomRange, Sinh, Tanh
  • Date: BusinessDays, DaysInMonth, DaysLeftInYear, FirstDayOfMonth, FormatTimeSpan, FromUNIXTime, FullDateString, FullTimeString, IsBusinessDay, IsLeapYear, LastDayOfMonth, ToUNIXTime
  • InterNet (not available in free version): AddressToNumber, FtpDo, FtpGet, FtpPut, GetHostName, GetIPAddress, GetWebPages, IsValidIPAddress, NumberToAddress, Ping, PingTime
  • File (not available in free version): ChangeEncoding, Copy, CopyMultiple, CreateDirectory, Decrypt, Delete, DeleteDirectory, DeleteMultiple, Encrypt, GetDirectoryListing, GetDriveInfo, GetFile, GetFileBinary, GetRandomFileName, GetTempPath, GUnzip, GZip, Move, MoveMultiple, PathExists, SplitIntoFields, WriteFile, WriteFileBinary
  • Miscellaneous: CRC32, Deflate, GenerateDateTimeRange, GenerateDateTimes, GenerateFloatRange, GenerateFloats, GenerateIntRange, GenerateInts, GUnzip, GZip, Hash, Inflate, IsValidCC, IsValidSSN, ToWords
  • Database: DumpData (not available in free version)
  • Convert: BinaryToHexString, FromBase64, HexStringToBinary, ROT13, ToBase64
  • LookUps: GetCountryInfo, GetStateInfo
  • Internal: Version, Help, Setup, Uninstall, GrantPermissions, IsUpdateAvailable, Update (not available in free version), SetSecurity, WebSite
  • User-Defined Aggregates: GeometricAvg, Join, Median, Random, RootMeanSqr
  • User-Defined Types: FloatArray, HashTable, NVarcharArray

What can SQL# do?

  • SQL# gives you the easiest access to the power of the CLR!
    — a single assembly with over 100 functions, 5 User-Defined Aggregates, 3 User-Defined Types, and more being added!
  • SQL# installs easily and in moments!
    — download one small install sql script, execute it, and enjoy the power of the CLR!
  • SQL# is backed up and restored with the database along with all other objects and data!
    — no need to worry about separate DLLs as with COM Extended Stored Procedures
  • SQL# has built in documentation (list of function and procedure signatures)!
    — if you ever lose the documention, the worst off you are is one procedure call away from viewing the entire list of function signatures!
  • SQL# can easily be updated via the web in moments!
    — you can optionally install updates via the web with a single procedure call
  • SQL# saves countless hours learning CLR and .Net, not to mention the cost of Visual Studio 2005!
    — time is money and you have work to do so why stop and learn yet another language, especially when you might need to purchase additional software just to compile a basic function!
  • SQL# lets you focus on SQL programming without sacrificing the power of the CLR!
    — again, there is only so much time in the day so do you want to spend it NOT being productive?


Download Free Version of SQL# (SQLsharp) here!

The manual and “What’s New” document cover both Free and Paid-For versions.
Manual in PDF format (766k)
What’s New in Version 2.5.20/2.5.21 (122k)

Date_BusinessDays ExcludeDaysMask Worksheet .
Download Spreadsheet (19k)

Via SQL# (SQLsharp) – Enabling more powerful SQL (Features)