InfoCard from the Browser


Implementing InfoCard in websites is, if anything, easier than adding it to a WCF application. InfoCard is supported by Internet Explorer 7.0 and will work with builds after the IE7 Beta 2 Preview (the magic ingredient is icardie.dll, but you must also have the rest of the InfoCard system installed via WinFx). I hope also that by the time this book gets into your hands you will be able to try this code (successfully) on other browsers.

Go into IIS Manager and create a virtual directory called, say, infocard. Into that directory we will put four files, but first we will use the Fabrikam certificate from the preceding WCF sample as the site's SSL certificate, so that the site has a secure channel. Right-click Default Web Site and select the Directory Security tab. Then click the Server Certificate button and choose Assign an Existing Certificate. Provided you have imported the .pfx file into your certificate store, the Fabrikam certificate should be visible in the Available Certificates dialog. Select it and finish the wizard.

If you want to see the spectacular way IE7 warns you when an SSL certificate name does not match the URL of a website, you can omit the next step, which is to modify the hosts file in C:\WINDOWS\system32\drivers\etc to have the following entry:

127.0.0.1 localhost fabrikam


This makes it a slightly smoother experience because you can refer to the site as http://fabrikam. If you omit this step, be sure to modify the code and config that follow to use the correct URLs.

Provided you have ASP.NET installed (if you installed .NET 2.0 before IIS, you won't), you can now create the four files that illustrate the InfoCard experience on a web page. Again, the following examples are as simple as possible but no simpler.

The first file is the default web page, default.htm:

<html>
  <head>
    <title>InfoCard</title>
  </head>
  <body>
    <form name="ctl00" method="post" action="https://fabrikam/infocard/Main.aspx">
      <input type="submit" name="InfoCardSignin" value="Log in using InfoCard" />
      <OBJECT type="application/infocard" name="xmlToken">
        <PARAM Name="tokenType" Value="urn:oasis:names:tc:SAML:1.0:assertion">
        <PARAM Name="issuer" Value="http://schemas.microsoft.com/ws/2005/05/identity/issuer/self">
        <PARAM Name="requiredClaims" Value="http://schemas.microsoft.com/ws/2005/05/identity/claims/givenname, http://schemas.microsoft.com/ws/2005/05/identity/claims/surname">
      </OBJECT>
    </form>
  </body>
</html>


This is an HTML page with a button that posts to the next page, main.aspx. The magic is in the <OBJECT> tag (we are using the ActiveX control in icardie.dll), which has a special type, application/infocard, and three PARAM tags specifying the token type (SAML 1.0), the token issuer (self-issued), and the required claims (first name and surname).

Next is main.aspx:

<%@ Page ValidateRequest="false" Language="C#" AutoEventWireup="true" CodeFile="Main.aspx.cs" Inherits="_Default" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
  <head runat="server">
    <title>Main</title>
  </head>
  <body>
    <form runat="server">
      <asp:Label ID="Label1" runat="server" Text="Label" Font-Size="X-Large" ForeColor="Navy"></asp:Label>&nbsp;
    </form>
  </body>
</html>


And main.aspx.cs:

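using System;

public partial class _Default : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // The InfoCard <OBJECT> named "xmlToken" posts the security token
        // under that field name.
        string tokenString = Request["xmlToken"];
        if (null == tokenString)
        {
            // No token was posted: send the user back to the login page.
            Response.Redirect("default.htm?error=logonFailed");
        }
        else
        {
            // Only the presence of the token is checked here; its contents
            // are not examined.
            this.Label1.Text = "Hello, world!";
        }
    }
}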


Finally there is the web.config file (actually, our example is so simple that this can be omitted):

<?xml version="1.0"?>
<configuration>
  <appSettings/>
  <connectionStrings/>
  <system.web>
    <!-- debug="true" and customErrors mode="Off" are development settings -->
    <compilation debug="true">
      <assemblies>
        <add assembly="System.Xml, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
        <add assembly="System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
        <add assembly="System.Security, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
      </assemblies>
    </compilation>
    <authentication mode="Windows"/>
    <customErrors mode="Off"/>
  </system.web>
</configuration>


Try browsing directly to http://fabrikam/infocard/main.aspx. You will be redirected to http://fabrikam/infocard/default.htm because you do not have the security token. However, if you click on the button and select a card, you will be able to get to main.aspx. We are not doing anything with the claims in the security token, but we could crack open the token, examine the claims, and make authentication and authorization decisions based on them. There will be functionality for doing this easily in a future WinFx CTP. A full website solution would have a relying party STS return a cookie for the browser to use to access pages on the site.
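Because main.aspx.cs tests only that some value named xmlToken arrived, and Request["xmlToken"] also searches the query string and cookies, a relying party would gate the token before cracking it open. The following is an added example, not code from the book: the class and method names and the size limit are hypothetical, and it assumes the selector posts the token wrapped in an XML Encryption EncryptedData element. It performs no decryption or signature validation, which must still follow.

```csharp
using System;
using System.IO;
using System.Web;
using System.Xml;

// Added example (hypothetical names): pre-checks to run on the posted token
// before any decryption, signature validation or claim inspection.
public static class PostedToken
{
    // Assumption: the token arrives as an XML Encryption EncryptedData element.
    const string XmlEncNs = "http://www.w3.org/2001/04/xmlenc#";
    const int MaxTokenChars = 64 * 1024; // constructed limit; tune for your site

    public static bool TryRead(HttpRequest request, out XmlDocument token)
    {
        token = null;

        // Accept the token only from a form POST over SSL.
        if (request.HttpMethod != "POST" || !request.IsSecureConnection)
            return false;

        // Request.Form, unlike Request[...], ignores the query string and cookies.
        string raw = request.Form["xmlToken"];
        if (string.IsNullOrEmpty(raw) || raw.Length > MaxTokenChars)
            return false;

        // Parse defensively: no DTDs and no external entity resolution.
        XmlReaderSettings settings = new XmlReaderSettings();
        settings.ProhibitDtd = true; // .NET 4.0+: DtdProcessing = DtdProcessing.Prohibit
        settings.XmlResolver = null;

        try
        {
            using (XmlReader reader = XmlReader.Create(new StringReader(raw), settings))
            {
                XmlDocument doc = new XmlDocument();
                doc.PreserveWhitespace = true; // keep text intact for signature checks
                doc.Load(reader);
                XmlElement root = doc.DocumentElement;
                if (root.LocalName != "EncryptedData" || root.NamespaceURI != XmlEncNs)
                    return false;
                token = doc;
                return true;
            }
        }
        catch (XmlException)
        {
            return false; // not well-formed XML, or it contained a DTD
        }
    }
}
```

In a web site project the class would live in App_Code, and Page_Load would redirect to default.htm whenever PostedToken.TryRead(Request, out token) returns false.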

The IE7 Beta 2 Preview doesn't yet support the binary behavior implementation of InfoCard, but I'll include the code here for your information and for later builds. This is the binary behavior equivalent of default.htm. Again, it's pretty simple:

<html XMLNS:ic>
  <body>
    <form method="post" action="https://fabrikam/infocard/Main.aspx">
      <ic:informationCard name='xmlToken'
          style='behavior:url(#default#informationCard)'
          issuer='http://schemas.microsoft.com/ws/2005/05/identity/issuer/self'
          tokenType='urn:oasis:names:tc:SAML:1.0:assertion'>
        <ic:add claimType='http://schemas.microsoft.com/ws/2005/05/identity/claims/givenname' optional='false'/>
        <ic:add claimType='http://schemas.microsoft.com/ws/2005/05/identity/claims/surname' optional='false'/>
      </ic:informationCard>
      <input type="submit" name="InfoCardSignin" value="Log in using InfoCard" />
    </form>
  </body>
</html>





Microsoft Windows Communication Foundation: Hands-on
ISBN: 0672328771
EAN: 2147483647
Year: 2006
Pages: 132
