Single Sign-In Overview

Soft Sign-In: Step By Step

A Web page that uses the soft sign-in implementation of Microsoft® .NET Passport allows users to view the page whether or not they are authenticated, but the contents of the page will vary. You can choose to display a portion of your content to all users, but display the full content only to authenticated users. Or, you can present a generic page for anonymous users and offer customized content for users signed in to .NET Passport.

Implementing Soft Sign-In

The following are the basic coding steps used to implement soft sign-in:

  1. Create an instance of the PassportIdentity object.

  2. Detect authentication data on the query string by checking the GetFromNetworkServer property of the PassportIdentity object. If necessary, clear the query string by redirecting the user to the URL of the current page.

  3. Call the GetIsAuthenticated method of PassportIdentity to determine whether the user is signed in.

  4. If the user is authenticated, check your database to see if the user has granted consent for your site to use his or her .NET Passport profile data. If consent has not been granted, redirect the user to the consent-gathering page for your site: a page you supply that asks the user for consent and, if it is given, stores the information in the database. (Typically, the consent page will return the user to the calling page after the database entry has been made.) The actual implementation of the database query and the consent page are not included in the following example. For more information, see Adding a Personal Consent Page.

  5. Set a variable to indicate whether the user is signed in. You can use this variable in the body of your page to determine which content to display.

  6. Display the .NET Passport sign-in link on the page by calling the LogoTag2 method of the PassportIdentity object. The strReturnURL parameter of the call to LogoTag2 determines where the Login server will redirect the user after the user signs in or out. If the user is signed in, use your site's sign-out script for the strReturnURL. Otherwise, use the address of the current page.

Most of these steps are addressed in more detail in the previous topic. For more information, see Hard Sign-In: Step By Step.

Example Code for Soft Sign-In

The following is an example of an ASP.NET page that uses soft sign-in.

<%@ Page Language="C#" %>
<%@ Import Namespace="System.Web.Security" %>
<%
PassportIdentity oMgr;
oMgr = (PassportIdentity)Context.User.Identity;

string thisURL, logoutURL; 
bool isSignedIn = false; //Default value, so every code path assigns it.

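//The URL of this page. SERVER_NAME reflects the host name sent in the
//request, so bind the site to its expected host names if you rely on it.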
thisURL = "https://" + Request.ServerVariables.Get("SERVER_NAME") +
   Request.ServerVariables.Get("SCRIPT_NAME");

//The URL of the sign-out page
logoutURL = "https://" + Request.ServerVariables.Get("SERVER_NAME") +
   "/logoutuser.htm";


if (oMgr.GetFromNetworkServer) {
   Response.Redirect(thisURL); //Clears query string if ticket has
                              //just arrived.
}

if (oMgr.GetIsAuthenticated(3600,false,false)) { //Ticket must be less than one
                                   //hour old (3600 seconds) or it 
                                   //will be considered stale.
                                   //This parameter is optional.

   //Determine user's PUID.
   string memberidhigh, memberidlow;
   memberidhigh = oMgr.GetProfileObject("MemberIDHigh").ToString();
   memberidlow = oMgr.GetProfileObject("MemberIDLow").ToString();

   // Check for this user's record
   // in your consent database
   if (ConsentIsInDatabase(memberidhigh,memberidlow)) { 
      // ConsentIsInDatabase call is provided
      // by your site and determines user's consent 
      // status on your site

      //If user has given consent,
      //set a variable to indicate the user
      //is signed in
      isSignedIn = true;

   }else{

      if (oMgr.TimeSinceSignIn < 10) {
         // The user clicked Sign In to enter your site,
         // providing implicit consent, so no consent page
         // is necessary.
         AddPUIDToConsentDatabase(memberidhigh,memberidlow);
         isSignedIn = true;

      }else{

         //If user has not given consent, show consent page.

         Response.Redirect("https://" + Request.ServerVariables.Get("SERVER_NAME") +
         "/gather_consent.asp?returnTo=" + Server.UrlEncode(thisURL));

         //Gather_consent.asp will present the consent UI.
         //If consent is given, a database entry
         //will be made and redirect back to this 
         //page using the returnTo parameter 

      }

   }

}else{

   //If user is not authenticated,
   //set the variable to indicate the user
   //is not signed in
   isSignedIn = false;


}



// Now use the isSignedIn variable to 
// determine which content to display.

if (isSignedIn) {

   //The user is signed in, so	
   //call LogoTag2 with sign-out script
   //as return URL parameter
   Response.Write(oMgr.LogoTag2(logoutURL,3600,false,null,-1,false,null,-1,false));
   Response.Write("<HR>");

   //And display customized content
   Response.Write("You are signed in to .NET Passport.");

}else{

   //The user is not signed in, so	
   //call LogoTag2 with this page
   //as return URL parameter
   Response.Write(oMgr.LogoTag2(thisURL,3600,false,null,-1,false,null,-1,false));
   Response.Write("<HR>");

   //And display customized content
   Response.Write("You are not a .NET Passport user.");

}

Response.Write("This content is seen by all users");

%>
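
The consent page described in step 4 redirects back to whatever the returnTo parameter contains, so it should confirm that the target is on its own site before redirecting. The following is an added example, not part of the original sample; the ReturnToValidator class, the host name www.example.com, and the fallback URL are assumptions.

```csharp
using System;

// Added example (not from the original sample): validates the returnTo
// value that gather_consent.asp receives before redirecting back to it.
public static class ReturnToValidator
{
    // expectedHost and fallbackUrl are site configuration values (assumed here).
    public static string Resolve(string returnTo, string expectedHost, string fallbackUrl)
    {
        Uri target;
        if (string.IsNullOrEmpty(returnTo) ||
            !Uri.TryCreate(returnTo, UriKind.Absolute, out target))
            return fallbackUrl;                       // missing or not an absolute URL

        if (target.Scheme != Uri.UriSchemeHttps)
            return fallbackUrl;                       // the sample only builds https URLs

        if (!string.Equals(target.Host, expectedHost, StringComparison.OrdinalIgnoreCase))
            return fallbackUrl;                       // points at another site

        if (target.UserInfo.Length != 0 || !target.IsDefaultPort)
            return fallbackUrl;                       // embedded credentials or odd port

        // Rebuild from the configured host and the parsed path, the same shape
        // as thisURL in the sample (scheme + host + script name, no query).
        return "https://" + expectedHost + target.AbsolutePath;
    }

    public static void Main()
    {
        const string host = "www.example.com";          // constructed value
        const string home = "https://www.example.com/"; // constructed fallback
        string[] samples = {                            // constructed inputs
            "https://www.example.com/softsignin.aspx",
            "https://www.example.com.elsewhere.test/softsignin.aspx",
            "http://www.example.com/softsignin.aspx",
            "//elsewhere.test/",
            null
        };
        foreach (string s in samples)
            Console.WriteLine("{0} -> {1}", s ?? "(null)", Resolve(s, host, home));
    }
}
```

On the consent page, pass Request.QueryString["returnTo"] through Resolve and hand the result to Response.Redirect.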