With so many online services out there, you nearly claim a new online identity somewhere every day. You tend to use the same username and password couple for all of them, but sometimes your preferred username is taken, or your password does not meet the sites’ password policy. I reckon I have well over 100 online identities out there – I rely on the same 3-4 combinations of username and password, and it’s really messy. In this blog post I’m going to cover how to authenticate users of an ASP.NET application against Windows Live, using the SDK for Windows Live ID. I’m going use the built-in ASP.NET Membership mechanism and go from there.
I could have gone the OpenID way, but Scott Hanselman already did an example on OpenID, so I thought I’d try out Windows Live. Jeff Atwood asked the question, if we really need another username and password in the pursuit of the best authentication model for stackoverflow.com.
Conceptual idea of using Windows Live ID
Windows Live ID, is the technology you should be quite familiar with when authenticating on Microsoft web sites, and Messenger. If you want to know more about what Windows Live ID is, take a look at this video from Channel9.
When using Windows Live ID, you redirect the user to the Windows Live login-page, with a return URL specified. When the user authenticates, Windows Live will redirect the user back to your site, and delivering a user id and a token. Here’s an overview of how it looks:
Getting your application ID to use Windows Live ID
To get started using Windows Live ID, first of all you need an application ID. Basically you need to sign up for one, and register your application. Go to https://msm.live.com/app/default.aspx and click ‘Register an Application’. (You can find Microsoft’s guide to this here: http://msdn.microsoft.com/en-us/library/cc287659.aspx)
Leave Domain Name blank. Save your self-chosen Secret Key for later use, and submit the form. When you see the confirmation page, your application ID is shown. Copy that, as we’re going to use it later.
In the return URL field, type the URL of your application followed by a name of a page to handle the Windows Live ID communication, like http://localhost/demoapp/webauth-handler.aspx.
Download and install Windows Live ID Web Authentication SDK
Microsoft has made it quite easy for ASP.NET developers to get started, by providing an SDK. Download it here: http://www.microsoft.com/downloads/details.aspx?FamilyId=24195B4E-6335-4844-A71D-7D395D20E67B&displaylang=en and install the SDK. By default it is installed here: C:\Program Files\Windows Live ID\WebAuth
From the SDK we need a class called WindowsLiveLogin, located in the App_Code folder of the sample. Keep this file in mind for a few seconds.
Start coding – create a new website
Open Visual Studio 2005/2008 and create a new ASP.NET website the way you want it. First we will add the WindowsLiveLogin.cs file to our AppCode folder. (C:\Program Files\Windows Live ID\WebAuth\Sample\AppCode\WindowsLiveLogin.cs).
Leave the default.aspx page, and put the following HTML in the markup:And this piece of code in its code-behind class. Default.aspx will work as a login page. Users click the Sign-in button, and is redirected to Windows Live. When they authenticate, they’re redirected back to our handler page, that we will now create…
Create a new aspx page, and name it webauth-handler.aspx. Recall that this was the page we provided as the return URL when we registered the application at Windows Live.
This page will serve as the handler page for the user, when Windows Live redirects back to your site. Windows Live will post authentication specific values for you to use. Because this page is never seen by a user (we will send the user back where they began), we can simply remove all the markup.
Put the following code in your code-behind class for webauth-handler.aspx.### The first login test
Now we’ve got everything setup as we should, and it should be possible to login using Windows Live. View the default.aspx page in your favorite browser, and let’s try.
Now your user has authenticated against Windows Live, using the Windows Live ID. Now it’s up to you to handle the user’s Windows Live ID, which is what I’m going to blog about in part 2 of the Windows Live Development series here…