The IDLoginStatus Control
The IDLoginStatus control provides Windows Live ID authentication, which can be used to identify visitors to your web site. IDLoginStatus provides a unique, site-specific identifier for each Windows Live user. This allows web sites to personalize the experience for the visiting user.
When a user clicks on the sign-in link, the IDLoginStatus control redirects to the sign-in web page on Windows Live servers (http://login.live.com
) along with an application ID. After users enter their credentials, the sign-in page redirects them to the page with the IDLoginStatus control.
To obtain an application ID for your web site, you need to register your application with the Windows Live ID service. You can do so by visiting http://msm.live.com/app
(see the sidebar "Registering Your Application with Windows Live ID
IDLoginStatus provides an easy workflow for developers within the Visual Studio development environment. After you drag-and-drop the IDLoginStatus control onto your web page, you can get a new application ID by clicking "Create new Application ID" from the IDLoginStatus tasks (Figure 5
). After you complete application registration and close the form, the IDLoginStatus control saves the application ID and your application secret into Web.Config
and sets the ApplicationIDConfigKey
properties on the IDLoginStatus control. The control adds wll_appid
keys into the
section of the Web.Config
file. At run time, the control checks the ApplicationIDConfigKey
property values, and reads the Web.Config
|Figure 5. IDLoginStatus: You can get a new application ID from within Visual Studio by clicking "Create new Application ID."|
The following snippet from Web.Config
shows an example of the alterations:
<add key="wll_appid" value="FF167FFE80FFF932" />
<add key="wll_secret" value="CoDeMagazine123" />
The HTML declaration for the IDLoginStatus control looks like this:
IDLoginStatus offers both client side and server side events for sign-in/sign-out. IDLoginStatus also returns an AuthEventArgs instance, which contains:
- ApplicationUserID: The unique site-specific identifier for the signed-in user.
- TimeStamp: The time the user authenticated measured in seconds from Jan 1, 1970 GMT.
- ApplicationContext: A parameter that round-trips your application state through the redirections to and from the Windows Live servers).
If you are using ASP.NET membership, IDLoginStatus enables single-sign-on. You can set the AutomaticallyConvertAuthentication
property to true
. When true
, the IDLoginStatus control verifies whether the current signed-in user has previously associated with an ASP.NET membership profile, and if so, automatically logs in to ASP.NET membership based on that association. You'll see more about this in the next section.
You can find the complete reference
for the IDLoginStatus control online.
The IDLoginView Control
The IDLoginView control extends ASP.NET's LoginView control. Where the LoginView control provides template switching based on a user's logged-in state in ASP.NET membership, IDLoginView provides switching based on a user's logged-in state in both ASP.NET membership and Windows Live ID. The IDLoginView handles template switching and association of Windows Live ID and a user's ASP.NET membership profile.
IDLoginView adds three new templates in addition to the two provided in the LoginView control:
- AnonymousTemplate: Displayed to web site users who are not logged into the web site (inherited from LoginView).
- LoggedInTemplate: Displayed to web site users who are logged into ASP.NET membership at the web site (inherited from LoginView).
- LoggedInIDTemplate: Displayed to web site users who are logged in with Windows Live ID at the web site.
- LoggedInAllTemplate: Displayed to web site users who are logged into both ASP.NET membership and Windows Live ID.
- AssociatePromptTemplate: Displayed to web site users when they have logged in with both ASP.NET membership and Windows Live ID, but have not yet associated these two identities.
Not only does IDLoginView provide template switching based on a user's logged-in state, but it also allows users to associate their Windows Live ID and ASP.NET membership identities. Based on your choice, the control presents the AssociatePromptTemplate
to users, asking whether they want to associate their Windows Live ID and ASP.NET membership to get a single-sign-on experience.
Refer to Listing 4
) and Listing 5
) for the following discussion.
After you drag and drop the IDLoginView control onto your web page, start by setting these two properties: AutomaticallyAssociateAuthentication
. Setting the AutomaticallyAssociateAuthentication
property to true instructs the IDLoginView control to associate ASP.NET membership and Windows Live ID when a user is logged in with both identities. IDLoginView calls AssociationManager.AssociateAuthentication
passing the ApplicationUserID
(Windows Live ID's unique identifier for the signed-in user at your web site) and the ASP.NET membership identity. If you set the PromptOnAssociation
property to true
, the IDLoginView asks users whether to associate their Windows Live ID with their ASP.NET membership before establishing an association.
If you haven't already, you need to launch the ASP.NET Web Site Administration Tool from Website → ASP.NET Configuration. Please make sure that you make the following changes:
- Set Authentication type to "From the Internet". By default, this is not the case. You can access this setting from the Security tab of ASP.NET Web Site Administration, and then clicking "Select the authentication type."
- Set up a few users by choosing "Create User". This will create users for your web site who will be saved in the ASPNETDB.MDF database in the App_Data folder.
Having set up some users for the web site, you can test the template switching and association features in IDLoginStatus and IDLoginView, as provided in Listing 4
and Listing 5
You may be surprised to see that you all the template switching and association functionality is taken care of without you having to write a single line of code.
Here's how it works: When a web site visitor signs-in to your web page using the IDLoginStatus control, IDLoginStatus sets the webauth
cookie, which contains the ApplicationUserID
for the signed-in user. The IDLoginView detects the state change after the IDLoginStatus control sets this cookie. IDLoginView then switches the template to the LoggedInIDTemplate
and renders the specified contents. You can provide content applicable to users having Windows Live ID in this template. If a user signs in to ASP.NET membership, IDLoginView switches to the LoggedInAllTemplate
. At this time, if you had set the AutomaticallyAssociateAuthentication
properties to true
, IDLoginView renders the AssociatePromptTemplate
to the user. If the user chooses to associate the two identities, IDLoginStatus creates an association between Windows Live ID and ASP.NET membership.
event handler (see Listing 5
) shows how you can remove this association, if a user chooses to do so.
The AssociationManager allows a developer to directly query, set, or remove associations for the signed-in user. The Microsoft.Live.ServerControls namespace contains this class. Include a using statement for the Microsoft.Live.ServerControls namespace in your program.