PassportIdentity.GetIsAuthenticated(int,int,int)

Indicates the presence of a valid Microsoft .NET Passport Ticket cookie in the caller's domain or a fresh Ticket on the query string. This method determines if the current user is authenticated based on the iTimeWindow and the iForceLogin parameters.

Syntax

public bool GetIsAuthenticated(
   int iTimeWindow,
   int iForceLogin,
   int iSecureLevel)

Parameters

  • iTimeWindow
    Specifies the interval, in seconds, during which users must have last signed in to the calling domain. Pass -1 to indicate that .NET Passport should use the default value. The value entered for iTimeWindow must be either -1, or greater than or equal to 20 and less than 2678400 (between 20 seconds and 31 days).

  • iForceLogin
    If set to 1, then users must also have given their passwords on the Login server's Sign-in page within the iTimeWindow interval. If set to 0, then they may have signed in using silent refresh or manual sign-in.

  • iSecureLevel
    An integer that declares the secure level with which the Sign-in page will be served. The value may be 0, 10, 100, or -1, which indicates that the default secure level value for the site should be used. The following table describes the functionality associated with each allowed value for iSecureLevel.

    SecureLevel value   Description
    -1                  The default secure level for the site is used.
    0                   Any type of sign-in is acceptable, so long as it passes TimeWindow and/or ForceLogin specified in this method call.
    10                  Specifying 10 for SecureLevel requires that the last sign-in must be made over a secure channel (by specifying SecureLevel=10 in a call to LogoTag, LogoTag2, AuthURL, AuthURL2, or LoginUser). This sign-in must also pass any additional TimeWindow and/or ForceLogin specified in this method call. Otherwise, this method will return false.
    100                 Specifying 100 for SecureLevel requires that the last sign-in must be made over a secure channel, and with submission of a security key in addition to password (by specifying SecureLevel=100 in a call to LogoTag, LogoTag2, AuthURL, AuthURL2, or LoginUser). This sign-in must also pass any additional TimeWindow and/or ForceLogin specified in this method call. Otherwise, this method will return false.

Return values

true if the user has been authenticated to a central site responsible for .NET Passport authentication within the iTimeWindow. If iForceLogin is set to 1, then users must also have given their passwords at the Login server within the time specified by iTimeWindow. All other cases return false.

Example 1

The following C# example uses the GetIsAuthenticated method to check for the time since the last authentication. If the time is less than 600 seconds, a silent sign-in is performed. If the time is between 600 seconds and an hour (3600 seconds), a manual sign-in is required. If the time is greater than an hour, a warning that the user has not been authenticated within the last hour is displayed. In this example, upon a LoginUser, the user is redirected to the sruURL page.

<%@ Page Language="C#"%>
<HTML>
<HEAD><TITLE>Mysample - Exercise - CS</TITLE></HEAD>
<Script language="C#" runat="server">
 string sServer;
 PassportIdentity oMgr;
 string sthisURL, sruURL;

 protected void Page_Load(Object src, EventArgs e) {
  sServer = Request.ServerVariables["SERVER_NAME"];
  oMgr = (PassportIdentity)User.Identity;
  sthisURL = "https://" + sServer + Request.ServerVariables["SCRIPT_NAME"];
  sruURL = "https://" + sServer + "/BriefCS/Mysample.aspx";
 }
</Script>
<%
if (oMgr.GetIsAuthenticated(600,0,0)) {
 //You have been authenticated within the last 600 seconds, either silently or using
 //your password. Do a silent sign-in and return to the sruURL defined above.
 oMgr.LoginUser(sruURL,20,false,null,1033,null,01,false,null);
}
else if (oMgr.GetIsAuthenticated(3600,1,0)) {
 //If you fail the above test, but you have been authenticated using
 //your password within the past hour, you can sign in again, using your
 //password. Upon your sign-in, return to the sruURL defined above.
 oMgr.LoginUser(sruURL,60,true,null,1033,null,01,false,null);
}
else {
 Response.Write ("You have not been authenticated within the last hour. Please exit.");
} // End if GetIsAuthenticated
%>
</HTML>

Example 2

The following example uses the GetIsAuthenticated method to ensure that the user has been authenticated within the previous hour and then displays the user's first name and .NET Passport Unique ID (PUID) as well as the Ticket age, time since sign-in, and Site ID. If the user has not been authenticated within the previous hour, a warning note is displayed. The iForceLogin parameter is used to determine if the user has used his or her password for a manual sign-in within the past 60 seconds.

<%@ Page Language="C#"%>
<HTML>
<HEAD><TITLE>Mysample - Exercise - CS</TITLE></HEAD>
<Script language="C#" runat="server">
 string sServer;
 PassportIdentity oMgr;
 string sthisURL, sruURL;

 protected void Page_Load(Object src, EventArgs e) {
  sServer = Request.ServerVariables["SERVER_NAME"];
  oMgr = (PassportIdentity)User.Identity;
  sthisURL = "https://" + sServer + Request.ServerVariables["SCRIPT_NAME"];
  sruURL = "https://" + sServer + "/BriefCS/Mysample.aspx";
 }
</Script>
<%
if (oMgr.GetIsAuthenticated(3600,0,0)) {
 //You have been authenticated within the last hour. Display the user's information.
 Response.Write ("Hello " + oMgr.GetProfileObject("Firstname") + ".");

 if (oMgr.GetIsAuthenticated(60,1,0)) {
  Response.Write("<br>You have signed in using your password within the last 60 seconds.");
 }
 else {
  Response.Write("<br>You have not signed in using your password within the last 60 seconds.");
 }

 Response.Write("<br>Your unique identifier is " + oMgr.HexPUID + ".");
 Response.Write("<br>Your ticket is " + oMgr.TicketAge + " seconds old.");
 Response.Write("<br>You signed in " + oMgr.TimeSinceSignIn + " seconds ago.");
 Response.Write("<br>Your server SiteID = " + oMgr.GetCurrentConfig("SiteID") + ".");
}
else {
 Response.Write ("You have not been authenticated within the last hour.");
} // End if GetIsAuthenticated
%>
</HTML>

Example 3

The following example uses the GetIsAuthenticated method with the iForceLogin parameter to determine if a manual or silent sign-in was last used to authenticate the user. The only difference between the two if statements is the iForceLogin parameter.

<%@ Page Language="C#"%>
<HTML>
<HEAD><TITLE>Mysample - Exercise - CS</TITLE></HEAD>
<Script language="C#" runat="server">
 string sServer;
 PassportIdentity oMgr;
 string sthisURL, sruURL;

 protected void Page_Load(Object src, EventArgs e) {
  sServer = Request.ServerVariables["SERVER_NAME"];
  oMgr = (PassportIdentity)User.Identity;
  sthisURL = "https://" + sServer + Request.ServerVariables["SCRIPT_NAME"];
  sruURL = "https://" + sServer + "/BriefCS/Mysample.aspx";
 }
</Script>
<%
if (oMgr.GetIsAuthenticated(30,0,0)) {
 Response.Write ("You were authenticated manually or silently within the last 30 seconds.");
}
if (oMgr.GetIsAuthenticated(30,1,0)) {
 Response.Write ("<br>You were authenticated manually within the last 30 seconds.");
}

//If over 40 seconds, do a silent sign-in
if (oMgr.TicketAge > 40) {
 oMgr.LoginUser(sthisURL,40,false,null,1033,null,-1,false,null);
}

Response.Write("<br><br>TicketAge = " + oMgr.TicketAge);
%>
</HTML> 

Remarks

In Example 1, if the authentication has been accomplished within the previous 600 seconds, a silent refresh is performed. The silent sign-in resets the HasTicket property to 0 but does not reset the TimeSinceSignIn property. If the authentication has been accomplished between 600 seconds and an hour, a manual sign-in is required. The manual sign-in resets both the HasTicket and TimeSinceSignIn properties to 0.

You can use the GetIsAuthenticated method to ensure that the user is a valid user before displaying .NET Passport properties or using .NET Passport methods on the object. Example 2 shows one way to verify that the user has been authenticated within the previous hour before it displays any of the properties or calls any of the methods.

Example 3 uses GetIsAuthenticated along with the iForceLogin parameter to determine whether the user was last authenticated with a manual or a silent sign-in. If the user has performed a manual sign-in within 30 seconds of entering this page, "You were authenticated manually within the last 30 seconds" will be displayed to the user. Refreshing this page after the Ticket age reaches 40 seconds will perform a silent sign-in and "You were authenticated manually or silently within the last 30 seconds" will be displayed.

If GetIsAuthenticated returns false and the HasTicket property is true, the user has a stale Ticket: the Ticket was obtained outside the iTimeWindow passed to GetIsAuthenticated and should be refreshed.
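The following is an added example, not code from the original reference page or the .NET Passport SDK. It wraps the check described above so that a page validates the documented iTimeWindow and iSecureLevel ranges and tells a fresh Ticket apart from one that needs a new sign-in and from no Ticket at all. The names PassportGate, TicketState and Classify are hypothetical.

```csharp
using System;
using System.Web.Security;

// Added example: PassportGate and TicketState are hypothetical names,
// not part of the .NET Passport SDK.
public enum TicketState { Fresh, NeedsSignIn, NoTicket }

public static class PassportGate
{
    // Documented range for iTimeWindow: -1 (default), or 20 <= value < 2678400.
    public static bool IsValidTimeWindow(int seconds)
    {
        return seconds == -1 || (seconds >= 20 && seconds < 2678400);
    }

    // Documented values for iSecureLevel: -1, 0, 10 or 100.
    public static bool IsValidSecureLevel(int level)
    {
        return level == -1 || level == 0 || level == 10 || level == 100;
    }

    // Classifies the caller's Ticket against the freshness the page needs.
    public static TicketState Classify(PassportIdentity id, int timeWindow,
                                       bool requirePassword, int secureLevel)
    {
        if (id == null) throw new ArgumentNullException("id");
        // Reject out-of-range arguments here so a mistyped literal is caught
        // before it is passed to GetIsAuthenticated.
        if (!IsValidTimeWindow(timeWindow))
            throw new ArgumentOutOfRangeException("timeWindow");
        if (!IsValidSecureLevel(secureLevel))
            throw new ArgumentOutOfRangeException("secureLevel");

        if (id.GetIsAuthenticated(timeWindow, requirePassword ? 1 : 0, secureLevel))
            return TicketState.Fresh;

        // false + HasTicket: the Ticket is stale, or the last sign-in did not
        // meet the iForceLogin / iSecureLevel requirement. Either way the
        // user must sign in again before protected content is shown.
        return id.HasTicket ? TicketState.NeedsSignIn : TicketState.NoTicket;
    }
}
```

A page guarding a sensitive action could call PassportGate.Classify(oMgr, 600, true, 10) and render protected content only for TicketState.Fresh, calling LoginUser as in Example 1 for the other two states.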

See Also

Passport PassportIdentity Object | PassportIdentity.IsAuthenticated | PassportIdentity.HasTicket | PassportIdentity.TimeSinceSignIn | PassportIdentity.TicketAge