jQuery POST read by a webservice

4 posts, 0 answers
  1. Chris
    Chris avatar
    2 posts
    Member since:
    Jan 2011

    Posted 13 Jan 2011 Link to this post

    I'm creating a login user control for our sitefinity. it is designed to use jQuery/Webservice.  I've built the client side with the following:
    <input type="text" id="UserNameText" />
    <br />
    <input type="password" id="PasswordText" />
    <br />
    <input type="button" id="Login" value="Login" onclick="DoLogin();" />
      
    <script type="text/javascript" language="javascript">
        function DoLogin() 
        {
            var un = document.getElementById('UserNameText').value;
            var pw = document.getElementById('PasswordText').value;
            var info = "{ 'UserName':'" + un + "', 'Password':'" + pw + "'}";
      
            $.ajax(
            {
                type: "POST",
                url: "http://localhost:60876/Sitefinity/Services/Login/Login.asmx/LoginSpecial",
                dataType: 'json',
                data: info,
                contentType: "application/json; charset=utf-8",
                success: function (msg) { alert(msg.d); },
                error: function (msg) { alert(msg.responseText); }
            });
        }
    </script>

    The above works ok, the service is called(as expected).  However I don't know how to get the json data out of the POST message(data : info).  With Get, I can read the parameters off the url query string.  I can parse the json ok, I just don't know how to get it from the POST.  I have the following code for the webservice.
    [ScriptMethod(ResponseFormat = ResponseFormat.Json)]
    [WebMethod]
    public string LoginSpecial()
    {
        string success = String.Empty;
        /* read json here from jQuery POST 
        NameValueCollection collection = request.Params;
        HttpRequest request = HttpContext.Current.Request;
        string json = HttpContext.Current.Request["info"] != null ? HttpContext.Current.Request["info"].ToString() : String.Empty;
        */
        // test json string, need to read from the jquery post
        string json = "{ 'UserName':'test', 'Password':'test'}";
          
        // the following two lines of code work ok with the test json string above.
        JavaScriptSerializer serial = new JavaScriptSerializer();
        Credentials credential = (Credentials)serial.Deserialize(json, typeof(Credentials));
        return "Some json message here";
    }

    I hope I got this in the right forum section.
  2. Slavo
    Admin
    Slavo avatar
    2 posts

    Posted 14 Jan 2011 Link to this post

    Hello Chris,

    The service you've created is an ASMX web service. In Sitefinity we're using WCF services, which are a bit different. ASMX web services by default work with XML as a format and SOAP as the protocol. You'll need to switch to JSON and introduce an object parameter to your service method. When initiating a POST request, the parameter would automatically give you the POST data as an object, which you can later parse as JSON.
    Here's an article that explains how to make ASMX services work with JSON: http://encosia.com/2010/03/03/asmx-and-json-common-mistakes-and-misconceptions/

    Here are two more articles that may be useful with your service implementation:
    http://blog.prabir.me/post/JSON-in-Classical-Web-Services-ASMX.aspx
    http://encosia.com/2010/05/31/asmx-scriptservice-mistake-invalid-json-primitive/

    Even if you make this work, I need to warn you that it is wrong from a security viewpoint. With this way of calling the service, you would transmit the user password in plain text (unencrypted). Everyone who happens to be sniffing traffic (say on the open wireless network of the user accessing your site) would be able to retrieve the username and password and login as your user.

    The ASP.NET login controls (and the one used in Sitefinity) were implemented with those security considerations in mind and I'd advise you to use those, unless you have a very good reason to do otherwise.

    Greetings,
    Slavo
    the Telerik team
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
  3. Chris
    Chris avatar
    2 posts
    Member since:
    Jan 2011

    Posted 14 Jan 2011 Link to this post

    Hi Slavo, thanks for the response.

    I'm switching over to WCF as you recommended.  Our webserver sits outside the firewall, it will then have to connect to a wcf server and then to a database server.  We can't connect a webserver outside the firewall directly to a db server.  That's why I built a custom logon functionality(personal privacy data has to go this route, other non-personal privacy data can go directly from webserver to db server).

    Would the built in login functionality easily support this?
  4. Slavo
    Admin
    Slavo avatar
    2 posts

    Posted 17 Jan 2011 Link to this post

    Hello Chris,

    Our login controls, as well as the ASP.NET login controls use ASP.NET Authentication. It's not their job to support different security mechanisms, what they do is use the ASP.NET Membership API to authenticate users. 

    In this case, the only thing you have to ensure is that your server setup supports ASP.NET Membership. For anything in Sitefinity to work, your web server has to know about the database it uses. That means there's a connection between the two, even if firewalled. The Sitefinity membership provider is part of the application running on the web server, and has a store of membership information, which is on the database server. This is a scenario no different than anything else in Sitefinity (data on one server and the application that accesses it on another).

    What I would advise is that you don't implement a custom authentication scheme, but instead try to setup Sitefinity in your server environment by configuring the required connection string to the database server. It should work normally. If there are problems for some reason, that means your setup doesn't support ASP.NET membership required by Sitefinity, and you would have to implement the whole membership scheme from scratch.

    All the best,
    Slavo
    the Telerik team
    Do you want to have your say when we set our development plans? Do you want to know when a feature you care about is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items
Back to Top