This documentation is archived and is not being maintained.

AuthenticationService Class

Enables access to ASP.NET forms authentication as a Web service.

Namespace:  System.Web.ApplicationServices
Assembly:  System.Web.Extensions (in System.Web.Extensions.dll)

[ServiceBehaviorAttribute(Namespace = "", 
	InstanceContextMode = InstanceContextMode.Single, ConcurrencyMode = ConcurrencyMode.Multiple)]
[ServiceContractAttribute(Namespace = "")]
[AspNetCompatibilityRequirementsAttribute(RequirementsMode = AspNetCompatibilityRequirementsMode.Required)]
[AspNetHostingPermissionAttribute(SecurityAction.InheritanceDemand, Level = AspNetHostingPermissionLevel.Minimal)]
[AspNetHostingPermissionAttribute(SecurityAction.LinkDemand, Level = AspNetHostingPermissionLevel.Minimal)]
public class AuthenticationService

The AuthenticationService object enables you to authenticate users through a Windows Communication Foundation (WCF) service. You use the WCF authentication service when you must authenticate users through ASP.NET membership from an application that is outside the Web application that stores the user credentials. The application must be able to send and consume message in the SOAP format. Through the AuthenticationService class, you can log users in, log users out, validate credentials, check authentication status, customize authentication, and set the authentication cookie.

The AuthenticationService class contains four methods that you should access only through a WCF service: the IsLoggedIn, Login, Logout, and ValidateUser methods. To call these methods, you enable the authentication service on a Web server and then connect a WCF-compatible client application to the Web service. For information about how to configure the authentication service, see How to: Enable the WCF Authentication Service.

To log users on, you pass the user credentials to the Login method. If the credentials are valid, the AuthenticationService class creates an authentication cookie. If the authentication cookie has not expired, you know that the user's credentials have been authenticated and you do not have to validate the credentials again. (Cookie-less authentication is not available through the AuthenticationService class.)

The AuthenticationService can raise two events: Authenticating and CreatingCookie. The Authenticating event occurs when the user credentials are being validated. Create an event handler for the Authenticating event to customize how user credentials are validated. The CreatingCookie event occurs when the authentication cookie is being set after user credentials have been validated. Create an event handler for the CreatingCookie event to customize the authentication cookie.

The ValidateUser method checks user credentials for authentication, but it does not return an authentication ticket. Use ValidateUser when a user has previously logged in and you must check that the credentials are still valid at the start of a new application session.

For an example of using the WCF authentication service from a console application, see Walkthrough: Using ASP.NET Application Services.


Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Windows 7, Windows Vista, Windows XP SP2, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003

The .NET Framework and .NET Compact Framework do not support all versions of every platform. For a list of the supported versions, see .NET Framework System Requirements.

.NET Framework

Supported in: 3.5