|start | find | index | login or register | edit|
by earl, 6843 days agoAs Microsoft's Passport Site requires a Passport to be useful, I've extracted some information regarding Single-Sign-In for my own reference and to satisfy my 'how does Microsoft do it' curiosity.
"The primary goals of a Web site implementing the Microsoft® Passport single sign-in (SSI) service can be summarized as follows:
"All of these goals are accomplished by including the Passport Manager object as a server-side object on any page where Passport authentication will be used."
Complete Passport Manager API
Really relevant for SSI are the following methods, which really implement the SSI functionality. To retrieve an user's profile when successfully signed in, 2 more Passport Manager parts are needed (the HasProfile method and the Profile property - browse through the link given above).
IsAuthenticated"Detects the presence of a valid Passport Ticket cookie in the caller's domain or a fresh Ticket on the query string. If the Ticket is present and the parameters are satisfied, then this method returns True. If the Ticket is not present or the parameters are not satisfied, then this method returns False."
bool IsAuthenticated( [int TimeWindow], [bool ForceLogin], [bool CheckSecure] )
"Returns True if users have been signed in to the calling domain within the time specified by TimeWindow. If ForceLogin was set to True, then users must also have given their passwords at the Login server within the time specified by TimeWindow. All other cases return False."
Reference page for IsAuthenticated
Login User"Logs the user on, either by outputting a 302 redirect URL, or initiating a Passport-aware client authentication exchange. This method supports Passport-aware client applications and the credentials manager as used in Microsoft Windows XP operating system.
"In the former case, the Passport user's client is determined to not be inherently Passport-aware, and all authorization interactions default to the mechanisms used in previous Passport releases. This method writes a 302 redirect into the HTTP response sent to the user in the page where LoginUser is invoked. All other elements of the response will thus be flushed. The 302 redirect points the user to the Passport Login server. After authentication, the user will again be redirected back to the return URL specified in LoginUser method parameters.
"In the latter case, authorization is handled through exchange of information in a series of HTTP challenges and responses, authentication credentials are potentially storable by the client, and the client can present its global authentication UI instead of displaying the HTML page used for Passport UI in default browser clients."
Reference page for LoginUser
LogoTag2"Returns an HTML snippet which includes an IMG tag for a Passport link. The link displays either Sign In if no valid Ticket cookie is detected, or Sign Out if a valid Ticket cookie is detected. Can also contact Update server if Profile cookie information has been changed locally. Each IMG source includes an associated HREF to sign in, refresh credentials, or sign out as appropriate."
LogoTag2 is the method not implementing Kids Passport service. It essentially takes LoginUser's parameters and passes them through to LoginUser.
Reference page for LogoTag2
most content Copyright (C) 1999-2001 Microsoft Corporation (this includes all quoted parts as well as the remarks to IsAuthenticated)
|earl.strain.at • esa3 • online for 6976 days • c'est un vanilla site|