After you created your NetPass database and configured your web config, now it's a time to get this authentication business done.

In this article i will show you how to embed into your Flex/ActionScript application authentication and authorization services based on NetPass Membership and Aplication Role Management provider for ASP.NET.

First thing you need for your Flex Application is to declare webservices connection, you can do it following way:

<mx:WebService id="wsNetPass" wsdl="/ws/netpass.asmx?WSDL" fault="wsNetPass_fault(event)" showBusyCursor="true">
        <mx:operation name="validate" result="wsNetPass_result(event)">
            <mx:request>
                <username />
                <password />
            </mx:request>
        </mx:operation>
</mx:WebService>

This webservice declaration example using only Validate function of NetPass, since it is only one you need to authenticate your users.

Your login form could look somewhere like this:

<mx:Canvas id="loginBox" creationCompleteEffect="fxTools" width="260" height="200" horizontalCenter="-1" verticalCenter="0.5" borderStyle="solid" borderThickness="0" backgroundColor="#fafafa" cornerRadius="5" borderColor="#90c4de" shadowDirection="right" shadowDistance="8" dropShadowColor="#000000" dropShadowEnabled="false">
<mx:Image x="10" y="10" source="assets/icons/png-48/user1_lock.png"/>
<mx:Label x="10" y="88" text="Username:"/>
<mx:TextInput x="85" y="87" id="txtUsername" text="demo"/>
<mx:Label x="16" y="114" text="Password:"/>
<mx:TextInput x="85" y="113" id="txtPassword" displayAsPassword="true" text="demo"/>
<mx:Button x="165.8" y="168" label="Cancel" id="btnCancel" click="btnCancel_click(event)">
  <mx:icon>@Embed(source='12-em-cross.png')</mx:icon>
</mx:Button>
<mx:Button x="83.8" y="168" label="Login" id="btnLogin" click="btnLogin_click(event)">
  <mx:icon>@Embed(source='16-arrow-right.png')</mx:icon>
</mx:Button>
<mx:HRule x="10" y="156" width="240" height="4"/>
<mx:HRule x="10" y="66" width="240" height="4"/>
<mx:Label x="85" y="35" text="Workspace Login" color="#557d90" fontSize="14" fontWeight="bold"/>
</mx:Canvas>

As you can see here it has two input fields, one of them marked as password field. Plus you have two buttons, where one of them performs btnLogin_click action when user presses on it:

private function btnLogin_click(e:MouseEvent):void
    {
        //Send request to NetPass Validate service
        if (txtUsername.text == "" || txtPassword.text == "")
        {
            currentState = "LoginError";
            LoginStatus.text = "Username and Password fields can't be empty"
        }
        else
        {
            wsNetPass.validate(txtUsername.text, txtPassword.text);
        }
    }

This code snippet not allows username and password fields to be empty. Of course you can use some field validations, but for the moment there is no need to make complex thins even more complex.

When wsNetPass.validate executed, it sends request to your ASP.NET webservice with username and password details provided by user. NetPass on server side validates provided credentials and replies back to your Flex Application with one of these two statuses:

• OK - when authentication went fine and user authorized to access the system, or
• FAILED - when authentication failed

Please don't forget, that for security reason NetPass have locks enabled, so if user enters wrong username and/or password few times, user account becomes locked and you will need to use your Membership Services console (SiteAdmin CMS, Grafeio Workspace or your own) to unlock user account.

Your NetPass Validation server reply handler function for ActionScript could look like this:

/**
* Handles NetPass result replies
*/ 
private function wsNetPass_result(e:ResultEvent):void
{
        switch (e.result.toString())
        {
            case "OK":
                //your action goes here
                break;
            default:
                currentState = "LoginError";
                LoginStatus.text = "Authentication failed. Wrong Username or Password"
                break;
        }        
}

Basically that's it.

ASP.NET Membership is configured using the membership element in the Web.config file for your application. The membership element is a sub-element of the system.web section. You can enable ASP.NET Membership for an application by directly editing the Web.config file for that application, or you can use the Web Site Administration Tool, which provides a wizard-based interface. As part of membership configuration, you specify:

• Which membership provider (or providers) to use. (This typically also specifies what database to store membership information in.)

• Password options such as encryption and whether to support password recovery based on a user-specific question.

• Users and passwords. If you are using the Web Site Administration Tool, you can create and manage users directly. Otherwise, you must call membership functions to create and manage users programmatically.

View sample web.config file to work with NetPass: netpass-config.txt Additional information about NetPass Membership and Role Provider you can read from NetPass.pdf

You configure the membership system in your application's Web.config file. The easiest way to configure and manage membership is with the Web Site Administration Tool, which provides a wizard-based interface. As part of membership configuration, you specify:

• What membership provider to use. (This typically also specifies what database to store membership information in.)

• Password options such as encryption and whether to support password recovery based on a user-specific question.

• Users and passwords. If you are using the Web Site Administration Tool, you can create and manage users directly. Otherwise, you must call membership functions to create and manage users programmatically.

Although membership is a self-standing feature in ASP.NET for authentication, it can be integrated with ASP.NET role management to provide authorization services for your site. Membership can also be integrated with the user profile to provide application-specific customization that can be tailored to individual users.

How Membership Works

To use membership, you must first configure it for your site. In outline, you follow these steps:

1. Specify membership options as part of your Web site configuration. By default, membership is enabled. You can also specify what membership provider you want to use. (In practical terms, this means that you are specifying what type of database you want to keep membership information in.) The default provider uses a Microsoft SQL Server database. You can also choose to use Active Directory to store membership information, or you can specify a custom provider (NetPass Membership Provider). For information on membership configuration options that can be specified in the Web.config file for your ASP.NET application, see Configuring NetPass.
2. Configure your application to use Forms authentication (as distinct from Windows or Passport authentication). You typically specify that some pages or folders in your application are protected and are accessible only to authenticated users.
3. Define user accounts for membership. You can do this in a variety of ways. You can use the Web Site Administration Tool, which provides a wizard-like interface for creating new users. Alternatively, you can create a "new user" ASP.NET Web page where you collect a user name and password (and optionally an e-mail address), and then use a membership function named CreateUser to create a new user in the membership system.

You can now use membership to authenticate users in your application. Most often, you will provide a login form, which might be a separate page or a special area on your home page. You can create the login form by hand using ASP.NET TextBox controls, or you can use ASP.NET login controls. Because you have configured the application to use Forms authentication, ASP.NET will automatically display the login page if an unauthenticated user requests a protected page.

Note: The ASP.NET login controls (Login, LoginView, LoginStatus, LoginName, and PasswordRecovery) encapsulate virtually all of the logic required to prompt users for credentials and validate the credentials in the membership system.

If you use login controls, they will automatically use the membership system to validate a user. If you have created a login form by hand, you can prompt the user for a user name and password and then call the ValidateUser method to perform the validation. After the user is validated, information about the user can be persisted (for example, with an encrypted cookie if the user's browser accepts cookies) using Forms Authentication. The login controls perform this task automatically. If you have created a login form by hand, you can call methods of the FormsAuthentication class to create the cookie and write it to the user's computer. If a user has forgotten his or her password, the login page can call membership functions that help the user remember the password or create a new one.

Each time the user requests another protected page, ASP.NET Forms authentication checks whether the user is authenticated and then either allows the user to view the page or redirects the user to the login page. By default, the authentication cookie remains valid for the user's session.

After a user has been authenticated, the membership system makes available an object that contains information about the current user. For example, you can get properties of the membership user object to determine the user's name and e-mail address, when the user last logged into your application, and so on.

An important aspect of the membership system is that you never need to explicitly perform any low-level database functions to get or set user information. For example, you create a new user by calling the membership CreateUser method. The membership system handles the details of creating the necessary database records to store the user information. When you call the ValidateUser method to check a user's credentials, the membership system does all the database lookup for you.