Single Sign-In Overview (C#)

A Microsoft® .NET Passport-enabled site uses the single sign-in (SSI) service to authenticate users. The following is a list of tasks performed as part of SSI authentication.

Instantiate the PassportIdentity object.

Most of the tasks that you will perform as you create your Sign-in page will be carried out by using the properties and methods of the PassportIdentity object. Creating an instance of this object is usually the first authentication-related code that will appear in a Sign-in page.

Determine if the user is already signed in.

When a user accesses your page, the user may already be signed in to the .NET Passport service. You determine a user's sign-in status by calling the GetIsAuthenticated method of the PassportIdentity object. Based on the result of this method call, you should branch your code to handle both the case in which the user is signed in and the one in which the user is not, choosing content to display based on the user's sign-in status. There are cases in which the user may be signed in, but you want to authenticate the user again.

Direct the user to the Login server.

If the user is not already signed in to .NET Passport, or if you want the user to sign in again, redirect the user's browser to the .NET Passport Login server by using the LoginUser method of the PassportIdentity object. The LoginUser method redirects the user to the .NET Passport Login page and, after the user has been authenticated, returns the user to your site. After this transaction, the GetIsAuthenticated method will confirm that the user has been signed in.

You can also allow users to sign in by using the LogoTag2 method of the PassportIdentity object. If the user is not signed in, this method will display a Sign In button that, when clicked, will redirect the user to the .NET Passport Login server and back. If the user is signed in, this method will display a Sign Out button. The AuthUrl2 method behaves in a similar way, but generates a hypertext link, instead of a button, to the Login server.

For more information about redirecting the user to the Login server, see Hard Sign-In: Step By Step and Soft Sign-In: Step By Step.

Identify the user.

After the user has been authenticated, use the GetProfileObject method of the PassportIdentity object to determine the user's .NET Passport Unique ID (PUID).

Users may elect to share additional information from their profile with your site that you can use to customize their experience on your site. This profile information, like the PUID, is obtained through the GetProfileObject method of the PassportIdentity object. There are strict rules governing how and when you can use .NET Passport profile information. For more information, see Collecting User Data.
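The four tasks above, put together as an added example (not code from the original page or the .NET Passport SDK). It assumes a .NET Framework Web Forms code-behind class, here given the hypothetical name SignInPage, and assumed policy values for the time window; the MemberIDHigh and MemberIDLow attribute names are the Passport core profile fields and do not appear on this page.

```csharp
using System;
using System.Web.Security;
using System.Web.UI;

// Hypothetical code-behind for a Sign-in page (class name is an assumption).
public class SignInPage : Page
{
    // Assumed policy values for this example, not SDK defaults.
    private const int TimeWindowSeconds = 3600; // oldest sign-in this page accepts
    private const bool ForceLogin = false;      // true: measure the window from the last typed password
    private const bool CheckSecure = false;     // true: also require a secure (SSL) sign-in

    protected void Page_Load(object sender, EventArgs e)
    {
        // Task 1: instantiate the PassportIdentity object for this request.
        PassportIdentity identity = new PassportIdentity();

        // Task 2: determine whether the user is already signed in.
        // A ticket older than the time window counts as "not signed in",
        // which covers the case where the user must authenticate again.
        if (!identity.GetIsAuthenticated(TimeWindowSeconds, ForceLogin, CheckSecure))
        {
            // Task 3: redirect the browser to the Login server. After the user
            // authenticates, the Login server returns the browser to the site.
            identity.LoginUser();
            return; // render nothing else for an unauthenticated request
        }

        // Task 4: identify the user. The 64-bit PUID is carried as two
        // 32-bit core profile attributes. Use it only after the user has
        // given consent on the personal consent page.
        int high = Convert.ToInt32(identity.GetProfileObject("MemberIDHigh"));
        int low = Convert.ToInt32(identity.GetProfileObject("MemberIDLow"));
        string puid = high.ToString("X8") + low.ToString("X8");

        // Keep the PUID server-side as the key for the local account record;
        // it is not written into the page.
        Context.Items["puid"] = puid;

        // A signed-in user gets the Sign Out button from LogoTag2.
        Response.Write(identity.LogoTag2());
    }
}
```

Setting CheckSecure to true only makes sense on pages served over SSL, and a shorter TimeWindowSeconds is the usual way to require a fresh sign-in before a sensitive page.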

Additional Required Pages

To use SSI, participating sites must provide the following pages.

Upon a user's first visit to your site, you must request his or her consent to use .NET Passport profile information, including the PUID. A personal consent page makes this request and then, if the user accepts, sets a persistent cookie for that user that indicates that consent has been given. For more information, see Adding a Personal Consent Page.

Sign-out Page

When a user signs out of .NET Passport from your site, all of the .NET Passport-related cookies must be deleted from the user's computer. This is done using a script that you will provide and host at your site. The .NET Passport Login server will redirect the user's browser to this script when the user signs out of your site. For more information, see Implementing Sign-Out and Deleting Cookies.

See Also

Passport PassportIdentity Object | PassportIdentity.IsAuthenticated | PassportIdentity.LoginUser | PassportIdentity.LogoTag2 | PassportIdentity.AuthUrl2 | PassportIdentity.GetProfileObject