IPassportManager::get_HasSavedPassword
.jpg)
IPassportManager::get_HasSavedPassword
Declares whether the user's password was saved. Declares whether the user has selected the option on the Microsoft .NET Passport Login page to be signed in automatically.
Syntax
HRESULT get_HasSavedPassword ( VARIANT_BOOL* pVal );
Parameters
- pVal
[out, retval] A pointer to a VARIANT Boolean value. Returns VARIANT_TRUE if the connecting user's Ticket indicates that the user has chosen to save the password on the .NET Passport Login page as of the last Ticket refresh; otherwise, VARIANT_FALSE.
Return values
Returns one of the following values:
S_OK Success. PP_E_INVALID_TICKET Ticket cookie is invalid in calling domain.
Remarks
Microsoft .NET Passport users can choose to save their passwords so that they are not prompted to re-enter their credentials when revisiting a site. With the password saved, the Ticket Granting cookie is persisted across sessions, and it stores the encrypted password. All other .NET Passport cookies are persisted across sessions also. This property returns whether the user chooses to save his or her password at sign-in. When called, get_HasSavedPassword returns True if the "saved password" attribute inside a Ticket cookie or query string is marked true.
Closing a browser will not destroy the cookies, and when a new session begins, users will be signed in automatically using their saved credentials. The domain authority cookies are refreshed as often as necessary to meet the requirements of the participating site, but users never see the Login page or re-enter sign-in name and password again, with the following exception:
If any IPassportManager properties or methods that connect to the Login server are called with ForceLogin set to VARIANT_TRUE, then users will have to manually re-enter their password on the Login server Sign In page. This allows participants to always ensure that users' credentials are valid even with passwords saved. For example, a site might use .NET Passport authentication as authorization for access to bank records, and might consider it to be in their customers' best interests to always manually verify the authentication before displaying such data. Checking for get_HasSavedPassword allows a site to display special-case UI or messaging for users who have saved passwords, and then potentially to tell them why their saved password did not automatically allow them access on this particular site.
See Also