advertisement
Login | Register   
Twitter
RSS Feed
Download our iPhone app
TODAY'S HEADLINES  |   ARTICLE ARCHIVE  |   FORUMS  |   TIP BANK
Browse DevX
Sign up for e-mail newsletters from DevX

Is the SMB Protocol an Open Door to Network Intruders?
Cybersecurity and the Art of Misdirection
The Problems with Encrypting Data in the Cloud
In the Cloud, Encryption in Motion + Encryption at Rest = Not Good Enough
The Biggest Cybersecurity Story of the Week

advertisement
advertisement
 

Set Up Passport Authentication in ASP.NET : Page 2

Learn how to use basic authentication features in Microsoft Passport. Once you've gained an understanding of the Passport information exchange between users and sites, you'll be ready to write the code for your own Passport-enabled ASP.NET page.


by Bilal Siddiqui
Oct 2, 2003
Page 2 of 5
advertisement
Passport Information Exchange
Figure 1 shows the exchange of information that takes place when a browser-based user accesses a Passport-enabled site. Notice that three participants are involved in the conversation:
  1. The user is a client browser.
  2. The Passport-enabled application is a Web site or an e-commerce application that uses Passport for authentication purposes.
  3. The Passport server is the Passport-based authentication service hosted by Microsoft on its servers.

Passport Information Exchange
Figure 1: Passport Information Exchange When User Accesses Site

The following is an explanation of each step shown in Figure 1:

  1. A user accesses the Passport-enabled site using a browser.
  2. The Passport-enabled site detects that the HTTP request is coming from a user who is not yet authenticated. So it includes a Passport Sign-in button in its response to the user. (Figure 2 shows a simple Web page that includes a Passport sign-in button.)
  3. The user presses the sign-in button, which generates an authentication request to the Passport-enabled site. (For the sake of simplicity, Figure 1 shows the request going straight to the Passport server. In actuality, the Passport-enabled application redirects the request to the Passport server.)
  4. The Passport server, on receipt of the sign-in request, sends the user a Web page that includes the user name and password text-entry fields. (Figure 3 shows a simple page including these two text fields.)
  5. The user enters a login name and a password into the data-entry fields and presses the sign-in button. This generates an authentication request to the Passport server, which carries the user name and password to the Passport server.
  6. The Passport server, on receipt of the authentication request, checks the user name and password for authentication.
  7. If the user is successfully authenticated, he or she is redirected to the Passport-enabled site.
  8. The Passport-enabled application, on receipt of an authenticated request, grants the user access to the requested page.

Passport Sign-in Button
Figure 2: Web Page with a Passport Sign-in Button

User Name and Password Text Fields
Figure 3: Web Page with User Name and Password Text Fields

This simple eight-step procedure depicts how Passport-enabled applications coordinate with Passport servers and client browsers to perform user authentication. The following section explains the setup process a developer needs to follow before creating a Passport-enabled application.

« Previous Page 12345 Next Page »
Comment and Contribute

 

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

 
advertisement
Sitemap