Developing an ASP.NET Application with Passport Authentication
Using MS .NET Passport greatly simplifies the authentication process. You just need to instantiate a PassportIdentity object and then call its methods.
Listing 1 shows an ASP.NET page that uses the PassportIdentity class. Notice the call to the PassportIdentity constructor, which takes no arguments and returns a PassportIdentity object:
Dim passportId As New System.Web.Security.PassportIdentity()
Once you have a PassportIdentity object, call its LogoTag2 method:
Author's Note: Older versions of the Passport SDK (versions earlier than 1.4) contain a deprecated method named LogoTag, which serves the same purpose that LogoTag2 does. LogoTag follows a slightly different authentication sequence from LogoTag2, and older applications need to change the method name from LogoTag to LogoTag2 to work with later versions.
The LogoTag2 method automatically checks whether the user accessing the site has sent authentication information along with his or her request. If it finds the authentication information, it concludes that the user is already authenticated and produces the HTML code and the image for the Sign-out button. If the user is not authenticated, it produces the HTML code and the image for the sign-in button (as shown in Figure 2). Listing 2 provides the complete HTML code for the page shown in Figure 2.
When the user presses the sign-in button, it generates a sign-in request to the Passport server, which returns the page shown in Figure 3. (Listing 3 provides the HTML code for this page.) As you'll recall, the page in Figure 3 contains two fields, one for the user name and the other for the password. The user enters the test account information that he or she created in Step 13 and presses the sign-in button, generating an authentication request to the Passport server. After authentication, the Passport server returns the user to the Passport-enabled site, which in this case is the same as the ASP.NET page shown in Listing 1.
This time, the PassportIdentity.LogoTag2 method shows the Sign-out image, not the Sign-in image (see Figure 13). Know why? Because the Passport server, while redirecting the user to the Passport-enabled site, sent all the authentication information as parameter-value pairs along with the redirection URL. The PassportIdentity.LogoTag2 method automatically detected the correct authentication information (as parameter-value pairs) and displayed the Sign-out image.
Figure 13: PassportIdentity.LogoTag2 Method Shows Sign-out Image
The authentication process is now complete.
Interesting Properties of the PassportIdentity Class
All the properties of the PassportIdentity class are included in the code block within the "If passportId.IsAuthenticated" statement (see Listing 1). This code block did not execute when the unauthenticated user visited your ASP.NET page for the first time. It executed only when the user was redirected to your ASP.NET page after a successful authentication.
You usually use these properties to fetch, store, or process information related to the user accessing your ASP.NET page. However, for the sake of demonstration, Figure 13 simply displays the information to the user. You would use the properties according to the business logic of your application.
Listing 4 is the HTML code that the Passport server will generate when your ASP.NET page is accessed after authentication. Compare Listing 4 with Listing 2 (the one that contains HTML code for the same ASP.NET page when accessed before authentication). The two listings are quite different from each other. The PassportIdentity class makes the difference.
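A code-behind sketch of the flow described above, as an added example that is not the article's Listing 1: it writes the LogoTag2 markup, reads PassportIdentity properties only after the IsAuthenticated check, and HTML-encodes each value before displaying it. The class name PassportStatusPage and the WriteField helper are hypothetical, and the code assumes the Passport SDK is installed and the application is configured for Passport authentication.

```vbnet
Imports System
Imports System.Web
Imports System.Web.Security
Imports System.Web.UI

' Added example. PassportStatusPage and WriteField are hypothetical names.
' Assumes the Passport SDK is installed and web.config contains
' <authentication mode="Passport" />.
Public Class PassportStatusPage
    Inherits Page

    Protected Overrides Sub OnLoad(ByVal e As EventArgs)
        MyBase.OnLoad(e)

        Dim passportId As New PassportIdentity()

        ' LogoTag2 returns the HTML for the Sign-in or Sign-out button,
        ' so it is written to the response as markup.
        Response.Write(passportId.LogoTag2())

        ' Read identity data only when Passport reports an authenticated user.
        If Not passportId.IsAuthenticated Then
            Response.Write("<p>Not signed in.</p>")
            Return
        End If

        ' Values taken from the ticket are data, not markup:
        ' HTML-encode them before echoing them back to the browser.
        WriteField("Name", passportId.Name)
        WriteField("HexPUID", passportId.HexPUID)
        WriteField("Seconds since sign-in", passportId.TimeSinceSignIn.ToString())
        WriteField("Ticket age (seconds)", passportId.TicketAge.ToString())
        WriteField("Saved password", passportId.HasSavedPassword.ToString())
    End Sub

    Private Sub WriteField(ByVal label As String, ByVal value As String)
        Response.Write("<p>" & HttpUtility.HtmlEncode(label) & ": " & _
                       HttpUtility.HtmlEncode(value) & "</p>")
    End Sub
End Class
```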
Stay Tuned for SSO
In this article, you've learned how to use basic authentication features in MS Passport. You now understand the information exchange that occurs when a user accesses a Passport-enabled application. You can prepare a development machine for Passport applications and write code for a Passport-enabled ASP.NET page.
The second article in this series will demonstrate SSO across different ASP.NET applications. It will also explain the data format the different parties use to communicate and discuss the use of keys, certificates, and tickets to carry information securely across the Internet. It will also cover the logout procedure in detail.