for RuBoard |
Forms authentication is cool, but it has one potential failing. It requires users to create and maintain a set of credentials for every Web site that they visit. Wouldn't it be nice to have just one username and password that you could use at any site? That is the idea behind Microsoft Passport.
The first step to using Microsoft Passport is to request a Site ID. The Site ID identifies your site as a valid Passport partner and is used as a key by Passport to identify settings related to your site. When you have acquired a Site ID, you can configure your site to use Passport. Change the mode attribute of <authentication> element to Passport. A second optional element <passport> enables you to specify the location of the Passport login page via the redirectUrl attribute. A sample web.config for Passport authentication is shown in Listing 7.6.
<?xml version="1.0" encoding="utf-8" ?> <configuration> <system.web> <compilation defaultLanguage="c#" debug="true" /> <authentication mode="Passport"> <passport redirectUrl="login.aspx" /> </authentication> <authorization> <allow users="*" /> <!-- Allow all users --> </authorization> </system.web> <location path="attendees"> <system.web> <authorization> <deny users="?" /> </authorization> </system.web> </location> </configuration>
The rest of the web.config is very similar to what you used before with forms authentication. Now you need to provide a way for the user to log in. This is typically done with most participating Passport sites using a Passport logo that indicates whether the user is logged in or out. The PassportIdentity object provides a method LogoTag2() that returns the HTML necessary to display this logo.
This class contains functionality for interacting with the Passport authentication service.
If the user is not logged in, however, no PassportIdentity object is available. If User.Identity.IsAuthenticated returns false, you need to create a new instance of PassportIdentity and use it to output the login logo. This logo is frequently placed in a number of locations around a site, so it is a good idea to wrap it up in a Web user control. Listing 7.7 shows an example of this control.
namespace Passport { using System; using System.Data; using System.Drawing; using System.Web; using System.Web.UI.WebControls; using System.Web.UI.HtmlControls; /// <summary> /// Summary description for passportlogo. /// </summary> public abstract class passportlogo : System.Web.UI.UserControl { /// <summary> public passportlogo() { this.Init += new System.EventHandler(Page_Init); } private void Page_Load(object sender, System.EventArgs e) { System.Web.Security.PassportIdentity pi; if(HttpContext.Current.User.Identity.IsAuthenticated) pi = (System.Web.Security.PassportIdentity) HttpContext.Current.User.Identity; else pi = new System.Web.Security.PassportIdentity(); if(Request["ReturnURL"] == null) Response.Write(pi.LogoTag2("http://" + Request.ServerVariables["SERVER_NAME"].ToString() + HttpContext.Current.Request.Path, 600, false, "", 1033, false, "", 0, false)); else Response.Write(pi.LogoTag2(Request["ReturnURL"], 600, false, "", 1033, false, "", 0, false)); } private void Page_Init(object sender, EventArgs e) { // // CODEGEN: This call is required by the ASP.NET Web Form Designer. // InitializeComponent(); } #region Web Form Designer generated code /// Required method for Designer support - do not modify /// the contents of this method with the code editor. /// </summary> private void InitializeComponent() { this.Load += new System.EventHandler(this.Page_Load); } #endregion } }
The user control first looks to see whether the user has been authenticated. If he is authenticated, the user control then grabs the PassportIdentity of the user. If he is not authenticated, a new PassportIdentity is created. The LogoTag2 method of the PassportIdentity object is then used to output the appropriate login or logout logo for Passport.
This user control can now be placed on the home page to provide a way to log in. When a user attempts to access a page for which he has insufficient permissions, he is redirected to the URL indicated in the redirectUrl attribute of the <passport> element. This page should show a message indicating to the user that he attempted to access authenticated content and provide a way to log in. The easiest way to do this is to include the passportlogo user control that you created in Listing 7.7. A sample login.aspx page is shown in Listing 7.8.
<%@ Page language="c#" Codebehind="login.aspx.cs" AutoEventWireup="false" Inherits="Passport.login" %> <%@ Register TagPrefix="uc1" TagName="passportlogo" Src="passportlogo.ascx" %> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" > <HTML> <HEAD> <meta name="GENERATOR" Content="Microsoft Visual Studio 7.0"> <meta name="CODE_LANGUAGE" Content="C#"> <meta name="vs_defaultClientScript" content="JavaScript (ECMAScript)"> <meta name="vs_targetSchema" content="http://schemas.microsoft.com/ intellisense/ie5"> </HEAD> <body> <form id="login" method="post" runat="server"> <P> You must login to access that content... Click on the passport logo to log in... </P> <P> <uc1:passportlogo id="Passportlogo1" runat="server"> </uc1:passportlogo> </P> </form> </body> </HTML>
If you want to use the personalization features of Microsoft Passport, you will also be interested in the Profile collection. The GetProfileObject method of the PassportIdentity allows you to retrieve attributes from the user's Passport profile. The valid attributes are listed in Table 7.1.
Attribute Name | Description | Validation Rules |
---|---|---|
Accessibility | Indicates whether accessibility features should be enabled on participant sites for this user. 0=no; 1=yes. | Must be 0 or 1. |
BDay_precision | Defines the precision of the Birthdate attribute. | 0, 1, 2, 3, or Null. |
Birthdate | Contains the user's birth year or birth date. | Only dates since 12/30/1899 are valid. |
City | GeoID that maps to the user's city. | Must be a valid GeoID. |
Country | ISO 3166 country code for the user's country. | |
Gender | Gender of user. | Must be Null, M, F, or U. |
Lang_Preference | LCID of the user's preferred language. | |
MemberName | A legacy attribute that no longer contains a sign-in name, but can be used to determine a user's domain. Use DomainFromMemberName() . | |
Nickname | Friendly name the user would like to be greeted by. | |
PreferredEmail | The user's e-mail address. | |
PostalCode | Stores the postal code for the United States and other countries , where appropriate. | |
ProfileVersion | Represents the version of the user's core profile. | N/A |
Region | GeoID that maps to the region within the user's country. | Must be a valid GeoID. |
Wallet | Indicates whether the user has established a Passport wallet. | 0=no; 1=yes. |
To use the profile data, just pass the name of the core attribute you are interested in to the GetProfileAttribute() method. Listing 7.9 shows a page that retrieves the e-mail address and member name of a user.
using System; using System.Collections; using System.ComponentModel; using System.Data; using System.Drawing; using System.Web; using System.Web.SessionState; using System.Web.UI; using System.Web.UI.WebControls; using System.Web.UI.HtmlControls; namespace Passport { /// <summary> /// Summary description for CDefault. /// </summary> public class CDefault : System.Web.UI.Page { public CDefault() { Page.Init += new System.EventHandler(Page_Init); } private void Page_Load(object sender, System.EventArgs e) { if(User.Identity.IsAuthenticated) { System.Web.Security.PassportIdentity pi = (System.Web.Security.PassportIdentity)User.Identity; Response.Write("<BR>"); Response.Write("User.Identity.Name: " + User.Identity.Name); Response.Write("<BR>"); Response.Write("Preferred Email: " + pi["preferredemail"].ToString()); Response.Write("<BR>"); Response.Write("Member name: " + pi["membername"].ToString()); Response.Write("<BR>"); } } private void Page_Init(object sender, EventArgs e) { // // CODEGEN: This call is required by the ASP.NET Web Form Designer. // InitializeComponent(); } #region Web Form Designer generated code /// <summary> /// Required method for Designer support - do not modify /// the contents of this method with the code editor. /// </summary> private void InitializeComponent() { this.Load += new System.EventHandler(this.Page_Load); } #endregion } }
When using Passport authentication, User.Identity.Name does not return the login name of the user; instead, it returns a Passport User ID (PUID). You should use this as a key to any user-specific data you are storing, rather than using the member name or e-mail address (which can change) from the profile.
for RuBoard |