

Building Personalized Applications on the Windows Live ID Platform : Page 2

Windows Live ID offers a simple way for you to get Live ID authentication in both web and rich client applications, letting you tap into over 400 million Live ID users.

The Web Authentication Flow
Figure 1 shows the Web authentication flow:

Figure 1. Web Authentication Flow: The figure shows how credentials and authentication tokens flow from a web application to Windows Live and back.

  1. A user visits your Web site.
  2. Your site displays a sign-in link in an IFRAME element.
  3. The user clicks the sign-in link.
  4. Windows Live ID returns the sign-in page.
  5. The user supplies Windows Live ID credentials on the sign-in page and submits the form.
  6. Windows Live ID validates the user's credentials.
  7. The Windows Live ID authentication server redirects the user to your site along with an authentication token as a form post parameter. This token is proof that Windows Live ID has verified the user's identity. Your site can decrypt this token to obtain the user's unique site-specific identifier.
  8. Your site uses the unique site-specific identifier to store or display protected or personalized content. You also incorporate the Live Contacts Control and Live Spaces Photo Controls into your site.

System Requirements for Web Authentication
Web Authentication uses industry-standard HTTP protocols and does not depend on any precompiled or executable components. You can implement it on any Web-development platform. The SDK provides samples for ASP.NET, Perl, Java, Ruby, Python, and PHP. It uses the standard encryption algorithm available on these platforms.

Getting Started with Web Authentication
Do the following to start using Windows Live Web Authentication in your Web application:

  • Register your Web application.
  • Display the sign-in/sign-out link.
  • Handle responses from the Windows Live ID authentication server to implement login, logout, and clear cookie.
  • Incorporate Windows Live Controls.
  • Integrate with Windows Live APIs to access other Live services via delegation.

Registering Your Web Application
To use Windows Live ID Web Authentication on your site, you must use a valid Live ID to register your Web site with Microsoft as an application. The Windows Live ID application management page assists you with the registration process, issues you an application ID for use with the service, and provides a place for you to manage all the applications you register.

When you register your application, you must provide the following information:

  • Application Name: The unique and friendly name you use to refer to your application.
  • Return URL: The URL of the page on your Web site that handles responses from the Windows Live ID authentication service. The service redirects users and their authentication tokens to this URL after they have successfully signed in, signed out, or cleared their cookies.
  • Secret Key: A secret key shared between you and Windows Live ID used to encrypt and sign all tokens that Windows Live ID sends to your site. The secret key must be in a format specified by Windows Live ID. Choose one that is difficult to guess, and create security procedures to manage this key.

There is no certification or approvals process. Accept the Windows Live Terms of Use and you're all set.

Displaying the Sign-in/Sign-out Link
You need to insert the sign-in/sign-out link into your page to incorporate Windows Live ID. To do that, include the following HTML code in your site, replacing the values for appid, context, and style with proper values for your implementation:

Appid is the application ID you received when you registered your site. Context is the parameter holding the user state for your application; the Windows Live ID authentication server returns it in its response so that you can preserve user state across the authentication. Style is the set of attributes that makes the sign-in IFRAME element fit your site visually.

Handling Responses from Windows Live ID
When Live ID users successfully sign in or out of your site, the Windows Live ID authentication service responds and redirects them to the return URL you specified when registering your Web application. This URL must correspond to a dynamic page that receives and appropriately processes this response.

The response has an action query-string parameter that tells your site what it needs to do. Here's the list of possible action values and what your site must do:

  • login: Your site extracts the user's encrypted authentication token from the HTTP POST response and stores it in a session cookie to keep the user signed in to your site during multiple page views.
  • clearcookie: Your site clears the session cookie you created at sign in, and returns a Graphics Interchange Format (GIF) image to the service to indicate that the user has been signed out.
  • logout: Your site clears the session cookie and redirects the signed out user to a page on your site that is appropriate for unauthenticated users.

Listing 1 demonstrates the handling of the different actions.
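The dispatch on the three action values can also be sketched in Python, as an added example that is neither the article's Listing 1 nor SDK code. It assumes the token arrives in a form field named stoken; the cookie name and page paths are placeholders, and decrypting and verifying the token is left out.

```python
# Added example: dispatch on the `action` query-string values listed above.
# Assumptions (not from the article): TOKEN_FIELD, COOKIE_NAME and the two
# page paths are illustrative placeholders for your own application.
import base64

COOKIE_NAME = "webauthtoken"   # hypothetical session-cookie name
TOKEN_FIELD = "stoken"         # assumed name of the POSTed token field
HOME_PAGE = "/"                # where a signed-in user lands
LOGOUT_PAGE = "/signed-out"    # fixed local path, never taken from the request

# Transparent 1x1 GIF returned for action=clearcookie.
ONE_PIXEL_GIF = base64.b64decode(
    "R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7")

def _cookie_safe(value):
    """True if value holds only octets RFC 6265 allows in a cookie value."""
    return bool(value) and len(value) <= 4096 and all(
        0x21 <= ord(c) <= 0x7E and c not in '",;\\' for c in value)

def _expire_cookie():
    return f"{COOKIE_NAME}=; Max-Age=0; Path=/; Secure; HttpOnly"

def handle_response(action, form):
    """Return (status, headers, body) for a request to the return URL."""
    if action == "login":
        token = form.get(TOKEN_FIELD, "")
        # Refuse empty tokens and anything that could split the header
        # (CR/LF, ';') before it is echoed into Set-Cookie.
        if not _cookie_safe(token):
            return 400, [("Content-Type", "text/plain")], b"bad token"
        cookie = f"{COOKIE_NAME}={token}; Path=/; Secure; HttpOnly"
        return 302, [("Set-Cookie", cookie), ("Location", HOME_PAGE)], b""
    if action == "clearcookie":
        # The service expects an image back, so answer with a GIF body.
        headers = [("Set-Cookie", _expire_cookie()),
                   ("Content-Type", "image/gif"),
                   ("Cache-Control", "no-store")]
        return 200, headers, ONE_PIXEL_GIF
    if action == "logout":
        headers = [("Set-Cookie", _expire_cookie()),
                   ("Location", LOGOUT_PAGE)]
        return 302, headers, b""
    # Unknown or missing action: do nothing to the session.
    return 400, [("Content-Type", "text/plain")], b"unknown action"
```

The cookie only keeps the encrypted token between page views; each protected page still has to decrypt and verify it with the secret key before trusting the identifier inside.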
Incorporating Windows Live Controls
Include Windows Live Controls in your Web application to seamlessly combine these features with your innovation. When users log into your site with their Live ID credentials, they are also signed into these controls. For example, the Windows Live Contacts control is a client-side JavaScript object that allows users to share their contacts with your site. Users can view presence information for their contacts and initiate a Windows Live Messenger conversation with a contact; and you can predefine messages for users to send to their contacts.

Windows Live ID Delegated Authentication
Create a mashup of rich user content from various Live services in your application with the user's explicit consent using the Delegated Authentication technology. With your site already using Windows Live ID Web Authentication, this is a simple additional step.

Through delegation, the Windows Live ID users of your site have the ability to consent to the scoped release of their personal information to you. For example, the user could consent to share their Live Calendar with your site and your application can then access the calendar to retrieve and edit data.
