Implementing .NET Passport Authentication in Web Applications Using Passport Authentication Provider

Are you creating an e-commerce application using .NET? Are you worried about the safe transmission of credit card information and other sensitive data? If so, making your application a Passport-enabled application will serve your purpose. For example, users who have a Hotmail or MSN email address have their email address and password recorded in Microsoft's Passport server. If your e-commerce application can accept the Hotmail email address as the username, then you can use the Passport Authentication Provider, which takes care of the complete authentication mechanism of your application. .NET's Passport Authentication Provider integrates with Microsoft's Passport server to ensure authentication.
The advantage of this provider is that it gives the user a single sign-on facility. With a single Hotmail account, the user can log in and access all Passport-enabled applications. However, for single sign-on you should use Microsoft's server, where the Passport database is hosted. If you use your own server, single sign-on will not work and you have to use some other authentication mechanism in addition to Passport Authentication.

What does the Passport Authentication of Microsoft offer to your application?

It provides a predefined login screen and a database to validate user information, ensures the security of the user information being exchanged, and provides logout functionality. When the user requests a page in your Passport-authenticated application, the user is prompted to log in. If the details provided by the user are valid according to Microsoft's Passport database, the user is given access to the requested page. The Passport Authentication Provider handles the communication and integration between the client browser, your application and the Passport database to achieve this logic.

How do you make your application a Passport-enabled application?

Follow the steps given below:

Create a user in Microsoft's Passport database by registering yourself with Hotmail or MSN and getting your own email address.

Browse to the site www.netservicesmanager.com. Enter the user details that you created in the earlier step and provide the additional details asked for. As you proceed with the registration process, you can configure your application for any of the following Passport services provided by Microsoft:

Kids Passport is used if your application's end users are in the under-13 age group.
Single Sign On Passport can be used if your application requires the SSO (Single Sign On) facility.
Express Purchase is used when your application deals with credit card information and other sensitive financial information.

Assume that you opt for Single Sign On Passport.
After opting for the Passport service, enter all other relevant information, including the domain name, website title and co-brand image URL. You will receive a site ID when you successfully complete the registration process. Note down this site ID for future use.

You can manage your application using the Manage My Applications link. With this link you can manage information such as the application name, site ID, environment, service, compliance review status and application status. You can create more than one application, and all your applications can be viewed and managed in this screen.

To ensure confidentiality and integrity, you have to download the Passport Encryption Key for your application. The Manage My Applications screen has a provision to download the key. The key is an .exe file. Download and store it on your system.

Download the Passport SDK and install it. After installing, you have to run the Passport Manager Administration Utility. Enter the site ID of your application (which you noted in the earlier steps). With this utility you can manage the Passport environment. Ensure that your machine has the .NET Framework before installing this SDK.

When your application is in production, you can access this Passport database. But while your application is under development, you cannot test it against that database. This is because you pay fees to Microsoft for using its server when you move your application into production, and during development the fee has not yet been paid. Hence, if you want an alternative way to test your application before production, you have to create a test account. Log in to the website current-register.passporttest.net to create a test account.

Install the Passport Encryption Key you downloaded earlier. For that, execute the following command in the command prompt:

After installing this key, you have to make sure that IIS uses this key. For that, execute

IIS will use the key after 10 seconds.

What changes have to be made specifically in your application to activate and use Passport Authentication?

Make the following entry inside the system.web element of the configuration section of your web.config file:

<authentication mode="Passport" />

This entry identifies that your application uses the Passport Authentication Provider. In addition, when unauthenticated users request a page, they are redirected to the login page.

Inside your code, how do you check whether the user is Passport authenticated?

You have to create an instance of the class PassportIdentity and use its methods to check for authentication. Here is sample code in VB.NET:

Dim passportObj As New System.Web.Security.PassportIdentity()

You can use the LogoTag2 method of PassportIdentity to automatically check whether the user is authenticated. With this method, you can also add a sign-in button to your login page:

You can also use the following piece of code to check for authentication:

Earlier, Microsoft's Passport was not considered secure, as many hacks happened and Hotmail accounts were traced, but nowadays Passport has been improved a lot and security is ensured to the maximum possible extent. Hence, if your need is being met and you are ready to pay the license fee and sign the license agreement with Microsoft, then you can very well make your application a Passport-enabled application.
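
The LogoTag2 call and the authentication check described above, written out as an added VB.NET example (not code from the original article). The class name AccountPage, the controls litSignIn and litStatus, and the 900-second sign-in window are assumptions made for illustration.

```vbnet
' Added example, not from the original article. AccountPage, litSignIn and
' litStatus are hypothetical names; the 900-second window is an assumed policy.
Imports System
Imports System.Web.Security
Imports System.Web.UI
Imports System.Web.UI.WebControls

Public Class AccountPage
    Inherits Page

    ' Assumed to be declared as <asp:Literal> controls in the .aspx markup.
    Protected litSignIn As Literal
    Protected litStatus As Literal

    ' Assumed policy: the user must have signed in within the last 15 minutes.
    Private Const TimeWindowSeconds As Integer = 900

    Protected Sub Page_Load(ByVal sender As Object, ByVal e As EventArgs) Handles MyBase.Load
        Dim passportObj As New PassportIdentity()

        ' LogoTag2 returns the HTML for the Passport sign-in link, or for the
        ' sign-out link when the user is already signed in.
        litSignIn.Text = passportObj.LogoTag2()

        ' Bound the ticket age instead of accepting any earlier sign-in.
        ' Arguments: time window in seconds, force login, check secure.
        If passportObj.GetIsAuthenticated(TimeWindowSeconds, False, False) Then
            ' HexPUID is the Passport unique ID as hex; encode before output.
            litStatus.Text = "Signed in as " & Server.HtmlEncode(passportObj.HexPUID)
        Else
            litStatus.Text = "Please sign in with your Passport account."
        End If
    End Sub
End Class
```

For pages that handle payment or profile changes, a shorter time window makes a ticket left behind on a shared machine less useful to the next person who sits down at it.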