AuthenticationService Class


Enables access to ASP.NET forms authentication as a Web service.

public ref class AuthenticationService
[System.ServiceModel.ServiceBehavior(ConcurrencyMode=System.ServiceModel.ConcurrencyMode.Multiple, InstanceContextMode=System.ServiceModel.InstanceContextMode.Single, Namespace="")]
public class AuthenticationService
[<System.ServiceModel.ServiceBehavior(ConcurrencyMode=System.ServiceModel.ConcurrencyMode.Multiple, InstanceContextMode=System.ServiceModel.InstanceContextMode.Single, Namespace="")>]
type AuthenticationService = class
Public Class AuthenticationService


The AuthenticationService object enables you to authenticate users through a Windows Communication Foundation (WCF) service. You use the WCF authentication service when you must authenticate users through ASP.NET membership from an application that is outside the Web application that stores the user credentials. The application must be able to send and consume message in the SOAP format. Through the AuthenticationService class, you can log users in, log users out, validate credentials, check authentication status, customize authentication, and set the authentication cookie.

The AuthenticationService class contains four methods that you should access only through a WCF service: the IsLoggedIn, Login, Logout, and ValidateUser methods. To call these methods, you enable the authentication service on a Web server and then connect a WCF-compatible client application to the Web service. For information about how to configure the authentication service, see How to: Enable the WCF Authentication Service.

To log users on, you pass the user credentials to the Login method. If the credentials are valid, the AuthenticationService class creates an authentication cookie. If the authentication cookie has not expired, you know that the user's credentials have been authenticated and you do not have to validate the credentials again. (Cookie-less authentication is not available through the AuthenticationService class.)

The AuthenticationService can raise two events: Authenticating and CreatingCookie. The Authenticating event occurs when the user credentials are being validated. Create an event handler for the Authenticating event to customize how user credentials are validated. The CreatingCookie event occurs when the authentication cookie is being set after user credentials have been validated. Create an event handler for the CreatingCookie event to customize the authentication cookie.

The ValidateUser method checks user credentials for authentication, but it does not return an authentication ticket. Use ValidateUser when a user has previously logged in and you must check that the credentials are still valid at the start of a new application session.

For an example of using the WCF authentication service from a console application, see Walkthrough: Using ASP.NET Application Services.



Initializes a new instance of the AuthenticationService class.



Determines whether the specified object is equal to the current object.

(Inherited from Object)

Serves as the default hash function.

(Inherited from Object)

Gets the Type of the current instance.

(Inherited from Object)

Determines whether the current user is authenticated.

Login(String, String, String, Boolean)

Checks user credentials and creates an authentication ticket (cookie) if the credentials are valid.


Clears the authentication ticket (cookie) in the browser.


Creates a shallow copy of the current Object.

(Inherited from Object)

Returns a string that represents the current object.

(Inherited from Object)
ValidateUser(String, String, String)

Authenticates user credentials without issuing an authentication ticket.



Occurs when user credentials are being validated.


Occurs when the authentication cookie is being set.

Applies to

See also