AjaxNetProfessional 23.5.10.1

.NET Framework 2.0

dotnet add package AjaxNetProfessional --version 23.5.10.1

NuGet\Install-Package AjaxNetProfessional -Version 23.5.10.1

This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.

<PackageReference Include="AjaxNetProfessional" Version="23.5.10.1" />

For projects that support PackageReference, copy this XML node into the project file to reference the package.

paket add AjaxNetProfessional --version 23.5.10.1

The NuGet Team does not provide support for this client. Please contact its maintainers for support.

#r "nuget: AjaxNetProfessional, 23.5.10.1"

#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.

// Install AjaxNetProfessional as a Cake Addin
#addin nuget:?package=AjaxNetProfessional&version=23.5.10.1

// Install AjaxNetProfessional as a Cake Tool
#tool nuget:?package=AjaxNetProfessional&version=23.5.10.1

The NuGet Team does not provide support for this client. Please contact its maintainers for support.

Ajax.NET Professional

Ajax.NET Professional (AjaxPro) is one of the first AJAX frameworks available for Microsoft ASP.NET.

The framework will create proxy JavaScript classes that are used on client-side to invoke methods on the web server with full data type support working on all common web browsers including mobile devices. Return your own classes, structures, DataSets, enums,... as you are doing directly in .NET.

Quick Guide

Download the latest Ajax.NET Professional
Add a reference to the AjaxPro.2.dll (for the .NET 1.1 Framework use AjaxPro.dll)
Add following lines to your web.config if you are using Integrated IIS pipeline mode:

<configuration>
	<location path="ajaxpro">
		<system.webServer>
			<handlers>
				<add name="AjaxPro" verb="GET,POST" path="*.ashx" type="AjaxPro.AjaxHandlerFactory,AjaxPro.2" />
			</handlers>
		</system.webServer>
	</location>
</configuration>

If you are using Classic IIS pipeline mode, then please add following lines:

<configuration>
	<location path="ajaxpro">
		<system.web>
			<httpHandlers>
				<add verb="GET,POST" path="*.ashx" type="AjaxPro.AjaxHandlerFactory,AjaxPro.2"/>
			</httpHandlers>
		</system.web>
	</location>
</configuration>

Now, you have to mark your .NET methods with an AjaxMethod attribute

[AjaxPro.AjaxMethod]
public DateTime GetServerTime()
{
	return DateTime.Now;
}

To use the .NET method on the client-side JavaScript you have to register the methods, this will be done to register a complete class to Ajax.NET

namespace MyDemo
{
	public class DefaultWebPage
	{
		protected void Page_Load(object sender, EventArgs e)
		{
			AjaxPro.Utility.RegisterTypeForAjax(typeof(DefaultWebPage));
		}

		[AjaxPro.AjaxMethod]
		public static DateTime GetServerTime()
		{
			return DateTime.Now;
		}
	}
}

If you start the web page two JavaScript includes are rendered to the HTML source
To call a .NET method form the client-side JavaScript code you can use following syntax

function getServerTime() {
	MyDemo.DefaultWebPage.GetServerTime(getServerTime_callback);  // asynchronous call
}

// This method will be called after the method has been executed
// and the result has been sent to the client.
function getServerTime_callback(res) {
	alert(res.value);
}

Example Projects

I have created some example web projects that I am using also using for testing. Please download the code from Ajax.NET Professional Starter Kit.

Compiler Options

NET20 compiles .NET 4.8 assemblies AjaxPro.2.dll (otherwise original it was .NET 1.1, AjaxPro.dll)
JSONLIB compiles JSON parser only (AjaxPro.JSON.2.dll or AjaxPro.JSON.dll)
NET20external is setting the assembly name to AjaxPro.2.dll, compatibility
TRACE is no longer used

Security Settings

In web.config you can configure different security related settings.

One of the most important is to set a Content-Security-Policy HTTP response header to ensure to trust only JavaScript and other resources that are coming from your web server or trusted locations. As AjaxPro is generating some JavaScript files on-the-fly you can set the JavaScript nonce in your web.config:

<configuration>
	<ajaxNet>
		<ajaxSettings>
			<contentSecurityPolicy nonce="abcdefghijklmnopqrstuvwxyz" />
		</ajaxSettings>
	</ajaxNet>
	<system.webServer>
		<httpProtocol>
			<customHeaders>
				<add name="Content-Security-Policy" 
					 value="frame-ancestors www.mydomain.com; script-src 'self' https://www.mydomain.com 'unsafe-eval' 'unsafe-hashes' 'nonce-abcdefghijklmnopqrstuvwxyz';" />
			</customHeaders>
		</httpProtocol>
	</system.webServer>
</configuration>

Serialization settings

AjaxPro allows the deserialization of arbitrary .NET classes as long as they are a subtype of the expected class. This can be dangerous if the expected class is a base class like System.Object with a large number of derived classes. The .NET framework contains several "dangerous" classes that can be abused to execute arbitrary code during the deserialization process.

For security reasons AjaxPro provides the jsonDeserializationCustomTypes setting, which allows to restrict the classes that can be deserialized. The setting supports allow- and blocklists, the default behaviour is deny.

The following example shows an allow list configuration that only allows the deserialization of objects from a specific namespace:

<configuration>
	<ajaxNet>
		<ajaxSettings>
			<jsonDeserializationCustomTypes default="deny">
				<allow>MyOwnNamespace.*</allow>
			</jsonDeserializationCustomTypes>
		</ajaxSettings>
	</ajaxNet>
  ...
</configuration>

The following example shows the block-list approach were only the deserialization of specifc "dangerous" classes gets blocked. This is not recommended as developers need to maintain a list of dangerous classes.

<configuration>
	<ajaxNet>
		<ajaxSettings>
			<jsonDeserializationCustomTypes default="allow">
				<deny>System.Configuration.Install.AssemblyInstaller</deny>
			</jsonDeserializationCustomTypes>
		</ajaxSettings>
	</ajaxNet>
  ...
</configuration>

Product	Compatible and additional computed target framework versions.
.NET Framework	net20 is compatible. net35 was computed. net40 was computed. net403 was computed. net45 was computed. net451 was computed. net452 was computed. net46 was computed. net461 was computed. net462 was computed. net463 was computed. net47 was computed. net471 was computed. net472 was computed. net48 is compatible. net481 was computed.

Compatible target framework(s)

Included target framework(s) (in package)

Learn more about Target Frameworks and .NET Standard.

.NETFramework 2.0
- No dependencies.
.NETFramework 4.8
- No dependencies.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version	Downloads	Last updated
23.5.10.1	487	5/10/2023
23.5.5.1	251	5/5/2023
22.3.20.1	5,765	3/20/2022
21.12.22.1	933	12/22/2021
21.12.21.1	853	12/21/2021
21.12.8.1	886	12/8/2021
21.11.29	1,650	12/3/2021
21.11.22	1,058	11/22/2021
21.10.30	1,350	11/22/2021

Total 13.2K

Current version 487

Per day average 14

ajax ajaxpro ajaxnet dotnet

2023, Michael Schwarz