Microsoft .NET Passport authentication

9.3 Microsoft .NET Passport authentication

Passport authentication identifies users by their Hotmail email addresses. Other passport-supporting email accounts do exist, but Hotmail is the most prevalent. This form of authentication is not meant to secure international fund transfers, but it certainly suffices for personal communications. The advantage of passport over in-house-developed systems is that many people already have a Hotmail email address, and thus do not have to reregister their details.

Passport authentication is used primarily for Web sites, but can also be applied to applications, MSN Messenger being a good example. The online help for .NET Passport is centered on Web site development, but it is possible to implement a proxy service built as a programmatically accessible Web site that your application could connect to. This could then be used to obtain personal details from a user-supplied passport.

Passports are available in two flavors: preproduction and production. Preproduction passports are free, but only a limited amount of personal information can be extracted from a passport. Production passports are not free, and Microsoft will inspect your site or application before you are granted a production passport. You do, however, get the benefit of being able to read full personal details from visitors' passports. Furthermore, a preproduction passport does not have the functionality to perform a sign-out operation.


The first step in implementing .NET Passport-enabled software is to obtain what is known as a site ID. This is simply a number, which is given to you when you register your details with Microsoft .NET Services Manager. On www.netservicesmanager.com, click Applications → Create Application, and then fill in all of the necessary fields.

Once you have a site ID, you can download the Passport SDK from www.microsoft.com/net/services/passport/developer.asp. This SDK should be installed on the server on which you intend to deploy the Web site, or on the proxy server that is to provide passport services to the .NET-enabled stand-alone applications.

The final step is to download a private key that is to be installed on the deployment server. This can be downloaded under Manage Applications, in .NET Services Manager. The key comes in the form of an executable, which must be run from the command prompt as follows:

Partner###_#.exe /addkey
Partner###_#.exe /makecurrent /t 0

where ###_# differs for different installations and site IDs. At this point, you may then run the passport administration utility (Figure 9.2).

Figure 9.2 .NET Passport Manager Administration dialog.


Figure 9.3 .NET Passport test page.

Enter your site ID in the space provided. Then press the Commit Changes button.

To test the system, start and stop IIS using Computer Management or the IIS snap-in, then press Refresh Network Map, and Commit Changes again. You should see the following Web site appear: http://localhost/passport-test/, as shown in Figure 9.3.

Pressing the Sign-In button will bring you to a cobranded login page for Passport. On successful login, the browser will display the URL that was specified during the site ID signup procedure.
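Once the site ID and key are installed and IIS has been restarted, the application side consists of a Passport-enabled ASP.NET page. The following is an added example, not code from the book or from the Passport SDK. It assumes the .NET Framework class System.Web.Security.PassportIdentity and a web.config containing <authentication mode="Passport"> with <passport redirectUrl="internal" />; the return URL, the one-hour time window and the profile attribute names ("nickname", "preferredEmail") are placeholder values that must match what was registered with the site ID and what the preproduction or production passport actually exposes. The point of the example is that the ticket is re-validated server-side against a time window before any profile data is read, rather than trusting the mere presence of a Passport cookie.

```csharp
using System;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;

// Example code-behind for http://localhost/passport-test/default.aspx (assumed path).
// Requires in web.config:
//   <authentication mode="Passport">
//     <passport redirectUrl="internal" />
//   </authentication>
public class PassportTestPage : Page
{
    // Controls declared in the .aspx: <asp:Literal id="SignInLogo"/> and <asp:Label id="Status"/>
    protected Literal SignInLogo;
    protected Label Status;

    // A ticket older than this (seconds) is treated as stale and the user must
    // sign in again. One hour is a constructed value for the example.
    private const int TimeWindowSeconds = 3600;

    // Placeholder: must be the return URL registered with the site ID.
    private const string ReturnUrl = "http://localhost/passport-test/default.aspx";

    protected override void OnLoad(EventArgs e)
    {
        base.OnLoad(e);

        // With authentication mode="Passport", ASP.NET exposes the ticket (if any)
        // through Context.User.Identity. Fall back to a fresh PassportIdentity so
        // that the sign-in logo can still be rendered for anonymous visitors.
        PassportIdentity identity = Context.User.Identity as PassportIdentity;
        if (identity == null)
        {
            identity = new PassportIdentity();
        }

        // LogoTag2 renders a Sign-In or Sign-Out link depending on ticket state.
        // Sign-out only functions with a production passport (see the text above).
        SignInLogo.Text = identity.LogoTag2(
            ReturnUrl,                  // where Passport returns the browser after login
            TimeWindowSeconds,          // maximum ticket age accepted
            false,                      // do not force a fresh login every time
            null,                       // no co-branding arguments
            0,                          // default language
            Request.IsSecureConnection, // use HTTPS for the logo link if the page is HTTPS
            null,                       // default namespace
            0,                          // no key pair for secure auth
            false);                     // no secure (SSL) sign-in channel

        // Re-validate the ticket against the time window. This is the check that
        // matters: a present cookie is not the same as a valid, fresh ticket.
        if (!identity.GetIsAuthenticated(TimeWindowSeconds, false, false))
        {
            Status.Text = "Not signed in.";
            return;
        }

        // Profile attributes are read only after the ticket has been validated.
        // A preproduction passport returns only a subset; attributes the user has
        // not shared come back as null.
        string memberName = identity.Name;
        string nickname = ReadAttribute(identity, "nickname");
        string email = ReadAttribute(identity, "preferredEmail");

        // HTML-encode user-controlled profile data before writing it to the page.
        Status.Text = HttpUtility.HtmlEncode(
            "Signed in as " + memberName + " (" + nickname + ", " + email + ")");
    }

    // Returns the named profile attribute, or a marker when the attribute was
    // not shared or is unavailable under the current site ID.
    private static string ReadAttribute(PassportIdentity identity, string name)
    {
        object value = identity.GetProfileObject(name);
        return value == null ? "<not shared>" : value.ToString();
    }
}
```

Because the page trusts nothing until GetIsAuthenticated succeeds, a visitor who presses Sign-In and is returned to the registered URL sees profile data, while a visitor carrying an expired or foreign ticket sees "Not signed in." and the logo link again.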