Browse DevX
Sign up for e-mail newsletters from DevX


Enable Single Sign-on in ASP.NET with Passport : Page 2

Learn how to use Microsoft Passport's authentication features to enable single sign-on (SSO) in your Web applications. This article details the features that comprise SSO and demonstrates the SSO process.




Building the Right Environment to Support AI, Machine Learning and Deep Learning

Data Formats and Information Flow in Passport-based SSO
To fully demystify the Passport technology, this section discusses the data formats used during Passport-based authentication. The authentication information flows over the Internet in the form of HTTP URLs. This section lists all the URLs and explains which information they carry. (Refer back to Figure 1 and the explanation of each authentication step in "Set Up Passport Authentication in ASP.NET.")

URL That Identifies Passport-enabled Applications
The first URL involved in the Passport process is the URL that identifies Passport-enabled applications (for example, http://www.MyPassportEnabledApplication.com, a fictitious URL). The user enters this URL in his or her browser and starts browsing. In the previous article, I instantiated a PassportIdentity object and then called its LogoTag2 method. The LogoTag2 method of the PassportIdentity object in a Passport-enabled application checks whether the request from the user contains any authentication information. If no authentication information accompanies the request, the LogoTag2 method serves a sign-in button in response.

For example, because the example URL in the previous paragraph does not contain any authentication data, the LogoTag2 method in a Passport-enabled application would serve the sign-in button in response to it. Figure 1 (a screen shot of a fictitious tour operator) shows how the sign-in button looks. (The ASP.NET page for this application is included in the code download for this article.)

Click to enlarge
Figure 1: A Web Page with a Sign-in Button

The code for the Figure 1 sign-in button looks something like this:

<A HREF="www.MyPassportEnabledApplication.com/?msppchlg=1&
ns=localhost&ver=2.1.0191.1&tpf=594cb4b7134ac2b6c4b9d71c0b9e6f8d"> <IMG SRC=http://current-www.passportimages.org/1033/signin.gif CLASS="PassportSignIn" BORDER="0" ALT="Sign in with your Passport."/> </A>

The HREF attribute of the <A> tag points to a target URL address (www.MyPassportEnabledApplication.com/ along with some parameter-value pairs), while the <IMG> tag points to the source of the sign-in button image. When the user presses the sign-in button, his or her browser visits the target URL (which is the value of the HREF attribute of the <A> tag):

mspplogin=http://current- login.passporttest.com/login.srf?lc=1033&id=32842&

This URL is the same as the example Passport-enabled application (http://www.MyPassportEnabledApplication.com), along with some parameters. So pressing the sign-in button sends the parameters to the example Passport-enabled application.

URL for the Address of the Passport Login Site
When the PassportIdentity class in a Passport-enabled application sees the parameters described in the sidebar coming from the browser, it redirects the user to another URL, as shown below:


This URL is the address of the Passport login site, which serves the login page (see Figure 2).

Click to enlarge
Figure 2: The Login Page

The user enters his user name and password and presses the sign-in button. This time the app sends a secure HTTP request to the secure HTTP server that Microsoft hosts for Passport login. This secure channel maintains the confidentiality of the user's password as it goes to the Passport server. Notice that the login page in Figure 2 has two check boxes: Sign me in automatically and I'm using a public computer. These boxes are the opposite of each other and checking one automatically unchecks the other. The boxes control whether the app stores authentication data in the user's browser (as cookies). If the Sign me in automatically box is checked, the data is stored in the user's browser. If the user is browsing from a public computer (e.g., in an Internet caf

Comment and Contribute






(Maximum characters: 1200). You have 1200 characters left.



Thanks for your registration, follow us on our social networks to keep up-to-date