Security and Ajax.NET Professional

Michael Schwarz on Friday, May 12, 2006

I have written a short example about how to use web forms security with Ajax.NET Professional. The example (C# and VB.NET) is included in the latest version available at [1]. Discuss the security.aspx example at Google groups [2]. (Update: there are about 2.500 members reading and writing posts!!!)

See this example:

using System; using System.Data; using System.Configuration; using System.Web; using System.Security.Permissions;

public partial class SecurityCS : System.Web.UI.Page { [AjaxPro.AjaxMethod] [PrincipalPermission(SecurityAction.Demand, Role = "Admin")] public static string AdminMethod() { return "Hello Admin!"; }

protected void Page_Load(object sender, EventArgs e) { // Register Ajax.NET methods from this class AjaxPro.Utility.RegisterTypeForAjax(typeof(AjaxPro.Services.AuthenticationS­ervice)); AjaxPro.Utility.RegisterTypeForAjax(typeof(SecurityCS)); }

<font size="2"><font face="Courier New">} </font><br></font> The AuthenticationService lets you sign in and out directly from JavaScript code:

<script type="text/javascript> AjaxPro.Services.Authentication.Login(username, password, callback); </script>

If you then access a AjaxMethod without the needed security rights you will get an SecurityException.