Set Up Passport Authentication in ASP.NET : Page 2
Learn how to use basic authentication features in Microsoft Passport. Once you've gained an understanding of the Passport information exchange between users and sites, you'll be ready to write the code for your own Passport-enabled ASP.NET page.
by Bilal Siddiqui
Oct 2, 2003
Page 2 of 5
Passport Information Exchange
Figure 1 shows the exchange of information that takes place when a browser-based user accesses a Passport-enabled site. Notice that three participants are involved in the conversation:
The user is a client browser.
The Passport-enabled application is a Web site or an e-commerce application that uses Passport for authentication purposes.
The Passport server is the Passport-based authentication service hosted by Microsoft on its servers.
Figure 1: Passport Information Exchange When User Accesses Site
The following is an explanation of each step shown in Figure 1:
1. A user accesses the Passport-enabled site using a browser.
2. The Passport-enabled site detects that the HTTP request is coming from a user who is not yet authenticated, so it includes a Passport sign-in button in its response to the user. (Figure 2 shows a simple Web page that includes a Passport sign-in button.)
3. The user presses the sign-in button, which generates an authentication request to the Passport-enabled site. (For the sake of simplicity, Figure 1 shows the request going straight to the Passport server. In actuality, the Passport-enabled application redirects the request to the Passport server.)
4. The Passport server, on receipt of the sign-in request, sends the user a Web page that includes the user name and password text-entry fields. (Figure 3 shows a simple page including these two text fields.)
5. The user enters a login name and a password into the data-entry fields and presses the sign-in button. This generates an authentication request that carries the user name and password to the Passport server.
6. The Passport server, on receipt of the authentication request, checks the user name and password for authentication.
7. If the user is successfully authenticated, he or she is redirected to the Passport-enabled site.
8. The Passport-enabled application, on receipt of an authenticated request, grants the user access to the requested page.
Figure 3: Web Page with User Name and Password Text Fields
This simple eight-step procedure depicts how Passport-enabled applications coordinate with Passport servers and client browsers to perform user authentication. The following section explains the setup process a developer needs to follow before creating a Passport-enabled application.
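The eight-step exchange above can be modeled in a few lines. This is an added example, not code from the article or from Passport. The URLs, function names, parameter names and the HMAC-signed ticket are all assumptions standing in for whatever the real service uses to mark a request as authenticated, and the sign-in button and redirect of steps 2 and 3 are collapsed into a single 302.

```python
import hashlib, hmac, secrets, time
from urllib.parse import parse_qs, urlencode, urlparse

# Hypothetical names, URLs and ticket format: a model of the flow only,
# not Passport's real endpoints or wire format.
SITE_URL = "https://shop.example/account"
LOGIN_URL = "https://login.example/signin"
SITE_KEY = secrets.token_bytes(32)   # secret shared by site and login server

def pw_hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"demo-salt", 100_000)

USERS = {"alice@example.com": pw_hash("correct horse")}   # constructed account

def sign_ticket(user, issued):
    msg = f"{user}|{issued}".encode()
    return hmac.new(SITE_KEY, msg, hashlib.sha256).hexdigest()

def param(url, name):
    return parse_qs(urlparse(url).query).get(name, [""])[0]

def site_handle(url):
    """Steps 1-3 and 8: serve the page only for an authentic, fresh ticket."""
    user, issued, sig = (param(url, k) for k in ("user", "issued", "sig"))
    good = hmac.compare_digest(sig.encode(), sign_ticket(user, issued).encode())
    if good and time.time() - int(issued) < 300:   # authentic first, then fresh
        return 200, f"welcome {user}"
    return 302, LOGIN_URL + "?" + urlencode({"return": SITE_URL})

def login_server_handle(url, username=None, password=""):
    """Steps 4-7: show the form, check the credentials, redirect back."""
    ret = param(url, "return")
    if ret != SITE_URL:               # redirect only to a registered site
        return 400, "unregistered return URL"
    if username is None:
        return 200, "sign-in form"
    if not hmac.compare_digest(USERS.get(username, b""), pw_hash(password)):
        return 401, "sign-in form"
    issued = str(int(time.time()))
    ticket = {"user": username, "issued": issued,
              "sig": sign_ticket(username, issued)}
    return 302, ret + "?" + urlencode(ticket)

def sign_in(username, password):
    """The browser's side: follow the redirects, return the site's last reply."""
    _, to_login = site_handle(SITE_URL)                     # steps 1-3
    login_server_handle(to_login)                           # step 4
    status, back = login_server_handle(to_login, username, password)  # 5-7
    return site_handle(back) if status == 302 else (status, back)     # step 8
```

Note that the password only ever reaches `login_server_handle`; the site decides on the ticket alone, so a request that arrives without a valid one is sent back to sign-in.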