Lesson 4: Using Passport Authentication


Passport authentication identifies users via Microsoft Passport's single sign-on service. Microsoft Passport is meant to provide Internet users with a single identity that they can use to visit a wide variety of Web sites that require authentication. Information about the user is available to your application through a profile that is stored with Microsoft.

The advantages of Passport authentication are that the user doesn't have to remember separate user names and passwords for various Web sites and that the user can maintain his or her profile information in a single location. Passport authentication also provides access to other Microsoft services, such as Passport Express Purchase.

After this lesson, you will be able to

  • Install the Passport SDK

  • Activate Passport authentication for your application

  • Get information from the user's Passport profile

  • Sign out the user from your Web application by deleting the Passport cookies

Estimated lesson time: 20 minutes

Enabling Passport Authentication

Passport authentication uses the Microsoft centralized authentication provider to identify users. Passport provides a way for users to use a single identity across multiple Web applications. To use Passport authentication in your Web application, you must install the Passport SDK, which is available by searching the Downloads area of the Microsoft Developer Network (MSDN), at http://msdn.microsoft.com/downloads.

The Passport SDK is free for preproduction development and testing. To deploy a site for public use, you must obtain an annual license from Microsoft. You can obtain more information about licensing from http://www.microsoft.com/netservices/passport/.

When a user accesses an application that implements Passport authentication, ASP.NET checks the user's machine for a current Passport authentication cookie. If none is found, ASP.NET directs the user to a Passport sign-on page. Once the user signs in, the Passport service authenticates the user, stores an authentication cookie on the user's computer, and directs the user back to the originally requested Web page. Figure 8-13 illustrates the Passport authentication process.


Figure 8-13. The Passport authentication process

To use Passport authentication, follow these steps:

  1. Install the Passport SDK. Passport is not included with Visual Studio, although the .NET Framework does include classes for working with the Passport SDK once it is installed.

  2. Set the application's authentication mode to Passport in Web.config. Set authorization to deny unauthenticated users.

  3. Use the PassportAuthentication_OnAuthenticate event to access the user's Passport profile to identify and authorize the user.

  4. Implement a sign-out procedure to remove Passport cookies from the user's machine.

For example, the following Web.config settings enable Passport authentication and require all users to be authenticated:

<authentication mode="Passport" />
<authorization>
    <deny users="?" /> <!-- Deny unauthenticated users -->
</authorization>

When you run an application locally with these settings, you are automatically redirected to the Passport sign-on page. If you've installed the preproduction (unlicensed) version of the Passport SDK, the sign-on page is not the same as the page displayed for a deployed site. Figure 8-14 shows the two Passport sign-on pages.


Figure 8-14. Passport sign-on pages

Once the user has signed in, Passport stores an authorization cookie on the user's machine and redirects the user back to his or her originally requested page. Passport stores a profile of information about the user. You can access that profile from the PassportAuthentication_OnAuthenticate event in the Global.asax module, as shown here:

Visual Basic .NET

' Add at module-level.
Imports System.Web.Security

Private Sub PassportAuthentication_OnAuthenticate(ByVal sender As Object, _
    ByVal e As PassportAuthenticationEventArgs)
    ' Get Session's passport identity if authenticated.
    If e.Identity.IsAuthenticated Then
        Response.Write("Name: " & e.Identity.Item("FirstName") & _
            " " & e.Identity.Item("LastName") & "<br>")
        Response.Write("Address: " & e.Identity.Item("City") & _
            "   " & e.Identity.Item("PostalCode") & "<br>")
        Response.Write("Email: " & e.Identity.Item("PreferredEmail") & _
            "<br>")
        Response.Write("Passport ID: " & e.Identity.Name & "<br>")
    End If
End Sub

Visual C#

// Add at module-level.
using System.Web.Security;

protected void PassportAuthentication_OnAuthenticate(Object sender,
    PassportAuthenticationEventArgs e)
{
    // Get Session's passport identity if authenticated.
    if (e.Identity.IsAuthenticated)
    {
        Response.Write("Name: " + e.Identity["FirstName"] +
            " " + e.Identity["LastName"] + "<br>");
        Response.Write("Address: " + e.Identity["City"] +
            "   " + e.Identity["PostalCode"] + "<br>");
        Response.Write("Email: " + e.Identity["PreferredEmail"] +
            "<br>");
        Response.Write("Passport ID: " + e.Identity.Name + "<br>");
    }
}

The preceding code displays the user's name, location, and identity information from his or her Passport profile. If you've installed the preproduction Passport SDK, that information reflects a test account rather than live data, as shown in Figure 8-15.


Figure 8-15. Passport identity information for the test account
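
One way to carry out the "identify and authorize" part of step 3, given as an added example that is not code from the book or the Passport SDK: the handler keys authorization on the Passport ID (e.Identity.Name) rather than on profile fields the user can edit, attaches application roles through e.User, and HTML-encodes profile text before it is displayed. The Global class name, the role table, and its Passport ID values are assumptions constructed for illustration.

```csharp
using System;
using System.Collections;
using System.Security.Principal;
using System.Web;
using System.Web.Security;

// Code-behind class for Global.asax (class name is an assumption).
public class Global : HttpApplication
{
    // Hypothetical role table keyed by Passport ID; the IDs are constructed
    // sample values. A real application would load this from its own store.
    private static readonly Hashtable RolesByPassportId = CreateRoleTable();

    private static Hashtable CreateRoleTable()
    {
        Hashtable table = new Hashtable();
        table["0000000000000001"] = new string[] { "Admin", "Member" };
        table["0000000000000002"] = new string[] { "Member" };
        return table;
    }

    protected void PassportAuthentication_OnAuthenticate(object sender,
        PassportAuthenticationEventArgs e)
    {
        // Unauthenticated requests are left to the <deny users="?" /> rule.
        if (!e.Identity.IsAuthenticated)
            return;

        // Look up roles by Passport ID, not by name or e-mail address,
        // because the user maintains those profile fields.
        string[] roles = (string[])RolesByPassportId[e.Identity.Name];
        if (roles == null)
            roles = new string[0];  // Signed in, but no application roles.

        // Attach the roles to the request so that User.IsInRole and
        // <allow roles="..." /> rules in Web.config can use them.
        e.User = new GenericPrincipal(e.Identity, roles);
    }

    // Returns a profile attribute encoded for safe inclusion in HTML output.
    public static string ProfileHtml(PassportIdentity identity, string attribute)
    {
        return HttpUtility.HtmlEncode(identity[attribute]);
    }
}
```

A page would then write Global.ProfileHtml(identity, "FirstName") instead of concatenating the raw profile value into the response.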

The Passport authorization and profile information are stored in five separate cookies on the user's machine. The Passport SDK requires that you remove these cookies when the user signs out of your Web application. The following event procedure demonstrates how to sign out by deleting the Passport cookies:

Visual Basic .NET

Private Sub butSignOut_Click(ByVal sender As System.Object, _
    ByVal e As System.EventArgs) Handles butSignOut.Click
    ' Sign out by deleting Passport cookies.
    Response.Cookies("MSPProf").Expires = Now
    Response.Cookies("MSPAuth").Expires = Now
    Response.Cookies("MSPSecAuth").Expires = Now
    Response.Cookies("MSPProfC").Expires = Now
    Response.Cookies("MSPConsent").Expires = Now
    ' Redisplay this page (goes back to sign-on).
    Response.Redirect("UserInfo.aspx")
End Sub

Visual C#

private void butSignOut_Click(object sender, System.EventArgs e)
{
    // Sign out by deleting Passport cookies.
    Response.Cookies["MSPProf"].Expires = DateTime.Now;
    Response.Cookies["MSPAuth"].Expires = DateTime.Now;
    Response.Cookies["MSPSecAuth"].Expires = DateTime.Now;
    Response.Cookies["MSPProfC"].Expires = DateTime.Now;
    Response.Cookies["MSPConsent"].Expires = DateTime.Now;
    // Redisplay this page (goes back to sign-on).
    Response.Redirect("UserInfo.aspx");
}

Passport authentication also provides additional commercial and child-protection features that are explained in the Passport SDK.



MCAD(s)MCSD Self-Paced Training Kit(c) Developing Web Applications With Microsoft Visual Basic. Net and Microsoft V[.  .. ]0-315
Year: 2003
Pages: 118
