Skip to content

Un-encode characters in xref links (System.Web) #12466

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
gewarren wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Un-encode characters in xref links (System.Web) #12466

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
0da5f95
System.Web
gewarren Mar 30, 2026
ce8526a
more unencodings
gewarren Apr 2, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
The table of contents is too big for display.
Diff view
Diff view
  •  
  •  
  •  
22 changes: 11 additions & 11 deletions xml/System.Web.ApplicationServices/AuthenticatingEventArgs.xml
View file
Open in desktop

Large diffs are not rendered by default.

28 changes: 14 additions & 14 deletions xml/System.Web.ApplicationServices/AuthenticationService.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,13 +36,13 @@
## Remarks
The <xref:System.Web.ApplicationServices.AuthenticationService> object enables you to authenticate users through a Windows Communication Foundation (WCF) service. You use the WCF authentication service when you must authenticate users through ASP.NET membership from an application that is outside the Web application that stores the user credentials. The application must be able to send and consume message in the SOAP format. Through the <xref:System.Web.ApplicationServices.AuthenticationService> class, you can log users in, log users out, validate credentials, check authentication status, customize authentication, and set the authentication cookie.

The <xref:System.Web.ApplicationServices.AuthenticationService> class contains four methods that you should access only through a WCF service: the <xref:System.Web.ApplicationServices.AuthenticationService.IsLoggedIn%2A>, <xref:System.Web.ApplicationServices.AuthenticationService.Login%2A>, <xref:System.Web.ApplicationServices.AuthenticationService.Logout%2A>, and <xref:System.Web.ApplicationServices.AuthenticationService.ValidateUser%2A> methods. To call these methods, you enable the authentication service on a Web server and then connect a WCF-compatible client application to the Web service. For information about how to configure the authentication service, see [How to: Enable the WCF Authentication Service](https://learn.microsoft.com/previous-versions/aspnet/bb398990(v=vs.100)).
The <xref:System.Web.ApplicationServices.AuthenticationService> class contains four methods that you should access only through a WCF service: the <xref:System.Web.ApplicationServices.AuthenticationService.IsLoggedIn*>, <xref:System.Web.ApplicationServices.AuthenticationService.Login*>, <xref:System.Web.ApplicationServices.AuthenticationService.Logout*>, and <xref:System.Web.ApplicationServices.AuthenticationService.ValidateUser*> methods. To call these methods, you enable the authentication service on a Web server and then connect a WCF-compatible client application to the Web service. For information about how to configure the authentication service, see [How to: Enable the WCF Authentication Service](https://learn.microsoft.com/previous-versions/aspnet/bb398990(v=vs.100)).

To log users on, you pass the user credentials to the <xref:System.Web.ApplicationServices.AuthenticationService.Login%2A> method. If the credentials are valid, the <xref:System.Web.ApplicationServices.AuthenticationService> class creates an authentication cookie. If the authentication cookie has not expired, you know that the user's credentials have been authenticated and you do not have to validate the credentials again. (Cookie-less authentication is not available through the <xref:System.Web.ApplicationServices.AuthenticationService> class.)
To log users on, you pass the user credentials to the <xref:System.Web.ApplicationServices.AuthenticationService.Login*> method. If the credentials are valid, the <xref:System.Web.ApplicationServices.AuthenticationService> class creates an authentication cookie. If the authentication cookie has not expired, you know that the user's credentials have been authenticated and you do not have to validate the credentials again. (Cookie-less authentication is not available through the <xref:System.Web.ApplicationServices.AuthenticationService> class.)

The <xref:System.Web.ApplicationServices.AuthenticationService> can raise two events: <xref:System.Web.ApplicationServices.AuthenticationService.Authenticating> and <xref:System.Web.ApplicationServices.AuthenticationService.CreatingCookie>. The <xref:System.Web.ApplicationServices.AuthenticationService.Authenticating> event occurs when the user credentials are being validated. Create an event handler for the <xref:System.Web.ApplicationServices.AuthenticationService.Authenticating> event to customize how user credentials are validated. The <xref:System.Web.ApplicationServices.AuthenticationService.CreatingCookie> event occurs when the authentication cookie is being set after user credentials have been validated. Create an event handler for the <xref:System.Web.ApplicationServices.AuthenticationService.CreatingCookie> event to customize the authentication cookie.

The <xref:System.Web.ApplicationServices.AuthenticationService.ValidateUser%2A> method checks user credentials for authentication, but it does not return an authentication ticket. Use <xref:System.Web.ApplicationServices.AuthenticationService.ValidateUser%2A> when a user has previously logged in and you must check that the credentials are still valid at the start of a new application session.
The <xref:System.Web.ApplicationServices.AuthenticationService.ValidateUser*> method checks user credentials for authentication, but it does not return an authentication ticket. Use <xref:System.Web.ApplicationServices.AuthenticationService.ValidateUser*> when a user has previously logged in and you must check that the credentials are still valid at the start of a new application session.

For an example of using the WCF authentication service from a console application, see [Walkthrough: Using ASP.NET Application Services](https://learn.microsoft.com/previous-versions/aspnet/bb515342(v=vs.100)).

Expand Down Expand Up @@ -185,10 +185,10 @@
<format type="text/markdown"><![CDATA[

## Remarks
The <xref:System.Web.ApplicationServices.AuthenticationService.IsLoggedIn%2A> method checks whether the current user is authenticated by checking the <xref:System.Security.Principal.IIdentity.IsAuthenticated%2A>.property.
The <xref:System.Web.ApplicationServices.AuthenticationService.IsLoggedIn*> method checks whether the current user is authenticated by checking the <xref:System.Security.Principal.IIdentity.IsAuthenticated*>.property.

> [!NOTE]
> Do not call the <xref:System.Web.ApplicationServices.AuthenticationService.IsLoggedIn%2A> method from code that is executing on the Web server. You call the <xref:System.Web.ApplicationServices.AuthenticationService.IsLoggedIn%2A> method only as part of a WCF service.
> Do not call the <xref:System.Web.ApplicationServices.AuthenticationService.IsLoggedIn*> method from code that is executing on the Web server. You call the <xref:System.Web.ApplicationServices.AuthenticationService.IsLoggedIn*> method only as part of a WCF service.

]]></format>
</remarks>
Expand Down Expand Up @@ -235,15 +235,15 @@
<format type="text/markdown"><![CDATA[

## Remarks
The <xref:System.Web.ApplicationServices.AuthenticationService.Login%2A> method validates user credentials through a membership provider. You can use the default membership provider or specify a custom membership provider at run time. The <xref:System.Web.ApplicationServices.AuthenticationService> class passes `userName` and `password` to the membership provider's <xref:System.Web.Security.MembershipProvider.ValidateUser%2A> method, but does not pass `customCredential`. If <xref:System.Web.Security.MembershipProvider.ValidateUser%2A> returns `true`, <xref:System.Web.ApplicationServices.AuthenticationService> creates an authentication ticket as a cookie. Set the `isPersistent` parameter to `true` to create an authentication ticket that lasts beyond the current session.
The <xref:System.Web.ApplicationServices.AuthenticationService.Login*> method validates user credentials through a membership provider. You can use the default membership provider or specify a custom membership provider at run time. The <xref:System.Web.ApplicationServices.AuthenticationService> class passes `userName` and `password` to the membership provider's <xref:System.Web.Security.MembershipProvider.ValidateUser*> method, but does not pass `customCredential`. If <xref:System.Web.Security.MembershipProvider.ValidateUser*> returns `true`, <xref:System.Web.ApplicationServices.AuthenticationService> creates an authentication ticket as a cookie. Set the `isPersistent` parameter to `true` to create an authentication ticket that lasts beyond the current session.

> [!NOTE]
> Always use the authentication service together with the secure sockets layer (SSL, by using HTTPS) to protect sensitive data.

The <xref:System.Web.ApplicationServices.AuthenticationService.Login%2A> method raises the <xref:System.Web.ApplicationServices.AuthenticationService.Authenticating> event and the <xref:System.Web.ApplicationServices.AuthenticationService.CreatingCookie> event. Create an event handler for <xref:System.Web.ApplicationServices.AuthenticationService.Authenticating> to customize authentication, such as checking the values in `customCredential` or validating credentials through a non-default membership provider. The values in `customCredential` are not validated by the default membership provider. To customize the authentication cookie, create an event handler for <xref:System.Web.ApplicationServices.AuthenticationService.CreatingCookie>.
The <xref:System.Web.ApplicationServices.AuthenticationService.Login*> method raises the <xref:System.Web.ApplicationServices.AuthenticationService.Authenticating> event and the <xref:System.Web.ApplicationServices.AuthenticationService.CreatingCookie> event. Create an event handler for <xref:System.Web.ApplicationServices.AuthenticationService.Authenticating> to customize authentication, such as checking the values in `customCredential` or validating credentials through a non-default membership provider. The values in `customCredential` are not validated by the default membership provider. To customize the authentication cookie, create an event handler for <xref:System.Web.ApplicationServices.AuthenticationService.CreatingCookie>.

> [!NOTE]
> Do not call the <xref:System.Web.ApplicationServices.AuthenticationService.Login%2A> method from code that is executing on the Web server. You call the <xref:System.Web.ApplicationServices.AuthenticationService.Login%2A> method only as part of a WCF service. For more information, see [ASP.NET Authentication](https://learn.microsoft.com/previous-versions/aspnet/eeyk640h(v=vs.100)).
> Do not call the <xref:System.Web.ApplicationServices.AuthenticationService.Login*> method from code that is executing on the Web server. You call the <xref:System.Web.ApplicationServices.AuthenticationService.Login*> method only as part of a WCF service. For more information, see [ASP.NET Authentication](https://learn.microsoft.com/previous-versions/aspnet/eeyk640h(v=vs.100)).

]]></format>
</remarks>
Expand Down Expand Up @@ -281,12 +281,12 @@
<format type="text/markdown"><![CDATA[

## Remarks
The <xref:System.Web.ApplicationServices.AuthenticationService.Logout%2A> method clears the authentication cookie from the browser's cookie collection. The user must log in again to be authenticated.
The <xref:System.Web.ApplicationServices.AuthenticationService.Logout*> method clears the authentication cookie from the browser's cookie collection. The user must log in again to be authenticated.

The <xref:System.Web.ApplicationServices.AuthenticationService> class does not store information on the server about which authentication tickets have been cleared.

> [!NOTE]
> Do not call the <xref:System.Web.ApplicationServices.AuthenticationService.Logout%2A> method from code that is executing on the Web server. You call the <xref:System.Web.ApplicationServices.AuthenticationService.Logout%2A> method only as part of a WCF service. For more information, see [ASP.NET Authentication](https://learn.microsoft.com/previous-versions/aspnet/eeyk640h(v=vs.100)).
> Do not call the <xref:System.Web.ApplicationServices.AuthenticationService.Logout*> method from code that is executing on the Web server. You call the <xref:System.Web.ApplicationServices.AuthenticationService.Logout*> method only as part of a WCF service. For more information, see [ASP.NET Authentication](https://learn.microsoft.com/previous-versions/aspnet/eeyk640h(v=vs.100)).

]]></format>
</remarks>
Expand Down Expand Up @@ -332,14 +332,14 @@
<format type="text/markdown"><![CDATA[

## Remarks
The <xref:System.Web.ApplicationServices.AuthenticationService.ValidateUser%2A> method authenticates the user credentials but does not set an authentication cookie. Without an authentication cookie, the user will not be logged in even if the credentials are valid.
The <xref:System.Web.ApplicationServices.AuthenticationService.ValidateUser*> method authenticates the user credentials but does not set an authentication cookie. Without an authentication cookie, the user will not be logged in even if the credentials are valid.

Use the <xref:System.Web.ApplicationServices.AuthenticationService.ValidateUser%2A> method when you must check whether a user's credentials are valid without receiving an authentication cookie. For example, you might do this if the authentication cookie is already stored in a client application but you want to verify that the user's credentials are still valid when a new session starts.
Use the <xref:System.Web.ApplicationServices.AuthenticationService.ValidateUser*> method when you must check whether a user's credentials are valid without receiving an authentication cookie. For example, you might do this if the authentication cookie is already stored in a client application but you want to verify that the user's credentials are still valid when a new session starts.

The <xref:System.Web.ApplicationServices.AuthenticationService.ValidateUser%2A> method raises the <xref:System.Web.ApplicationServices.AuthenticationService.Authenticating> event, but does not raise the <xref:System.Web.ApplicationServices.AuthenticationService.CreatingCookie> event.
The <xref:System.Web.ApplicationServices.AuthenticationService.ValidateUser*> method raises the <xref:System.Web.ApplicationServices.AuthenticationService.Authenticating> event, but does not raise the <xref:System.Web.ApplicationServices.AuthenticationService.CreatingCookie> event.

> [!NOTE]
> Do not call the <xref:System.Web.ApplicationServices.AuthenticationService.ValidateUser%2A> method from code that is executing on the Web server. You call the <xref:System.Web.ApplicationServices.AuthenticationService.ValidateUser%2A> method only as part of a WCF service. For more information, see [ASP.NET Authentication](https://learn.microsoft.com/previous-versions/aspnet/eeyk640h(v=vs.100)).
> Do not call the <xref:System.Web.ApplicationServices.AuthenticationService.ValidateUser*> method from code that is executing on the Web server. You call the <xref:System.Web.ApplicationServices.AuthenticationService.ValidateUser*> method only as part of a WCF service. For more information, see [ASP.NET Authentication](https://learn.microsoft.com/previous-versions/aspnet/eeyk640h(v=vs.100)).

]]></format>
</remarks>
Expand Down
Loading
Loading