Integrate Passport into your ASP.Net apps
Published: 13 Apr 2003 19:59 BST
Unfortunately, you can't use a standard Microsoft Passport to test your Preproduction (PREP) Passport Web site. You must create a specific PREP Passport to make it work. You can register for an account on the .Net Passport PREP Registration server by filling out this form.
If you installed the Passport SDK on Windows XP, you will have to modify the registry to access your ASP.Net application. The built-in Passport support in XP prevents you from authenticating against the PREP servers rather than the standard production servers. The registry modification information can be found in the SDK.
If you are planning to roll out a production version of your ASP.Net application (which will essentially make it accessible to all Passport users), you'll have to sign a three-year nonexclusive .Net service agreement. Microsoft has imposed steep licensing fees to deploy this service on a production system: $1,500 USD for testing the compliance of your application on a periodic basis and a $10,000 USD per year fee for provisioning costs (access to Passport logon servers, etc.).
Add Passport code to your ASP.Net application
Passport uses SSL, XML, forms, and cookies as the basis of the authentication service. You should have a basic knowledge of these standard Web technologies before attempting to create Passport-based applications. In terms of browser support, Passport can handle Navigator/Communicator 4.08 through 4.8. Microsoft .Net Passport does not officially support Netscape 6.0 and 6.1.
To develop a Passport-enabled application, you can choose from many development languages, including C#, VBScript, and C++. The API for each of these languages is covered in depth in the Passport SDK.
Two security concepts are in use in the configuration of Passport: authentication and authorisation. Authentication is the process in which a user must enter credentials (username and password) to establish identity. Authorisation is the process in which authenticated users are either allowed or disallowed access to resources and files.
First, you need to define which resources a Passport-authenticated user can access. In the directory containing your protected content, you must specify the authentication and authorisation settings in the Web.config file, as shown in Listing A.
This code defines the following:
- Passport is the authentication mode.
- All unauthenticated users should be redirected to loginpage.aspx.
- All users are authorised to access loginpage.aspx. (The asterisk [*] signifies "all users.")
- Once a user has been authenticated, the location of the protected content is protectedcontent.aspx.
- Unknown and unauthenticated users are denied access to the protectedcontent.aspx page. (The question mark signifies "unauthenticated users.")
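The following is an added example, not the article's Listing A or code from the Passport SDK: a constructed Web.config matching the five settings listed above, with a small Python check that models ASP.NET's first-match URL authorisation for an anonymous visitor. The function names are hypothetical, and the model is simplified to `users` rules only (no roles or verbs).

```python
import xml.etree.ElementTree as ET

# Constructed Web.config matching the settings described above (not the article's Listing A).
WEB_CONFIG = """<configuration>
  <system.web>
    <authentication mode="Passport">
      <passport redirectUrl="loginpage.aspx" />
    </authentication>
  </system.web>
  <location path="loginpage.aspx">
    <system.web>
      <authorization><allow users="*" /></authorization>
    </system.web>
  </location>
  <location path="protectedcontent.aspx">
    <system.web>
      <authorization><deny users="?" /></authorization>
    </system.web>
  </location>
</configuration>"""


def rules_for(root, page):
    """Authorization rules for a page: its <location> rules first, then the site-wide ones."""
    rules = []
    for loc in root.findall("location"):
        if loc.get("path") == page:
            rules += list(loc.findall("system.web/authorization/*"))
    rules += list(root.findall("system.web/authorization/*"))
    return [(r.tag, [u.strip() for u in r.get("users", "").split(",")]) for r in rules]


def anonymous_allowed(config_xml, page):
    """Simplified model: first matching rule wins; "?" is anonymous, "*" is everyone."""
    root = ET.fromstring(config_xml)
    for action, users in rules_for(root, page):
        if "?" in users or "*" in users:
            return action == "allow"
    return True  # ASP.NET's machine-level default is <allow users="*"/>


def auth_mode(config_xml):
    node = ET.fromstring(config_xml).find("system.web/authentication")
    return node.get("mode") if node is not None else None


if __name__ == "__main__":
    for page in ("loginpage.aspx", "protectedcontent.aspx"):
        print(page, "anonymous allowed:", anonymous_allowed(WEB_CONFIG, page))
```

Because the first matching rule wins, placing an `<allow users="*" />` ahead of the `<deny users="?" />` for protectedcontent.aspx would let unauthenticated visitors through, which is the ordering mistake this check is meant to catch.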
In VBScript, you can instantiate the Passport object. For example:
To check whether a user has logged in to Passport, you can use an IF statement:
If objPassManager.IsAuthenticated Then
...
End If
To add in a link to the login page, enter this code:
Response.Write(objPassManager.LogoTag2("loginpage.aspx"))
This will generate the image and link shown in Figure A.
Figure A: Passport image
Easy to integrate Passport
Although we've provided only a simplified overview of the code and objects available in Passport, it should help you get started. For the complete API, you can refer to the Passport SDK.
With minimal code, you can integrate Passport into your application. If you work for a midsize to large organisation, you can roll out Passport to provide millions of users -- including those with Hotmail accounts -- with secure access to your site. To find out more about the Passport service, be sure to check out the .Net Passport review guide.