[Update: March 20, 2007] Before putting the finishing touches on this AJAX Login System / Control, I've decided to see just how secure it is by issuing a challenge. See if you can crack it...
In Simplifying the Sign In Experience with AJAX, I brainstormed about how an AJAX Login control could improve a user's web application sign in experience. If you have been following the more detailed posts of each attribute, you will remember that my last post was on making sure the functionality is accessible via URL. In addition, I gave a link to a live demo for you to give it a test drive.
Well, the next attribute in the list, #4, is Easy, Very Easy to Add to Web Pages. And although it is very close to being ready, I decided to skip ahead to attribute #6, Compatible with ASP.NET 2.0 Forms Authentication, as it turns out to be a pre-requisite to making the AJAX Login System easy to add to web pages. This is because, naturally, in order to be easy to add to ASP.NET web pages it needs to play well with applications that use the built-in ASP.NET membership system.
Now, I want to be clear, making sure the AJAX Login System is compatible with ASP.NET Authentication does not mean that it shouldn't be easy to add to other types of web pages, be it plain HTML, PHP, Ruby on Rails, etc. ... It just means that it needs to be easy to add to ASP.NET pages as well. We will cover compatibility with other technologies in a future post.
Community Server - A Use Case
In order to keep things simple, I decided to use this site, daptivate.com as a use case of the AJAX Login System's ability to work well with an ASP.NET application. This way you will be able to see it in action and it will be a good test of using it with an application, Community Server, that not only leverages the ASP.NET 2.0 Membership System but also extends it.
Feel free to create a test account and test it out on this site if you like. One benefit you will notice is that the Screen Name you choose will automatically appear in the Comment section. Additionally, you don't need to create a separate account if you already created one on SnipGen.com. Simply sign in with your existing account.
The Objective
The first step is to simply show that a user can sign into an application which uses the ASP.NET 2.0 Membership System. The second goal is to provide functionality that has come to be expected by users of ASP.NET (and really most) web applications; namely, auto-redirect when authentication is required, and remembering users through encrypted cookies.
The Solution
Blah, blah. Instead of a verbose description of how the objective was met, I've decided to simply release the code. This way if you are interested, you can get the source and see how it really works. If you aren't, then I won't be wasting your time.
There are two options for getting the code:
1) The AJAX Login Google Code Project - This will allow you to use subversion to get the latest code and optionally contribute to the project.
2) A zip file - Simple, zipped up version of an example website.
In either case, here are the basic steps for getting the project running:
- Modify connections.config to point to a database with the ASP.NET 2.0 membership schemas. This could be an existing ASP.NET 2.0 application's DB for which you want to use the AJAX Login functionality.
- Setup a virtual directory or website for the folder AjaxLogin.Web.
- Checkout your local version of the site.
There may be a few extra steps / checkpoints to get it to integrate seamlessly with Community Server and other custom web applications. However, I will leave that for another post.