Installing the .NET Passport SDK and Passport Manager (VBScript)

Installing the .NET Passport SDK and Passport Manager

Before you install the Microsoft® .NET Passport Software Development Kit (SDK), make sure your system meets all of the minimum requirements. For more information, see .NET Passport System Requirements.

You must be signed in as an Administrator when installing the .NET Passport SDK and Passport Manager on a Microsoft® Windows NT®, Microsoft Windows® 2000, or Microsoft Windows XP computer because installing the .NET Passport SDK changes registry settings and installs files to the system folder. Depending on the installation options you choose, running Setup may also stop and start the Microsoft® Internet Information Services (IIS) server process, install virtual directories, or install ISAPI filters to the default Web site root.

Installation Instructions

The following are instructions for starting the Setup program from CD-ROM, a share on a local area network, or the Web:

To install from a CD

Click the Install option that automatically appears when you insert the .NET Passport SDK CD-ROM, and then follow the instructions on the screen.

If the Install option does not appear, or if you have already inserted the CD to browse this documentation, follow these steps:

1. From the Start menu, click Run.

2. Type d:\setup and click OK.

   Substitute the correct drive name for your CD-ROM drive if other than "d:".

To install from a share

Run Setup.exe in the supplied installation path or share.

To install from the Web

1. Download the .NET Passport SDK 2.5 installation files.

2. Choose Run this program from its current location and click Yes to install.

   If you are using a Netscape browser, download the SDK to your computer and run the executable locally.

Setup provides you with several installation options. The primary option is to specify which .NET Passport environment this .NET Passport SDK installation should use. In most cases, you should choose the default (Preproduction). For more information, see .NET Passport Environments. If you are deploying Passport Manager to multiple servers in anticipation of going live to Production, or if you are testing isolated servers against Production, the Production option may be appropriate. If you choose this option, see Deploying Passport Manager and Site Code and Deploying Passport Manager to Servers.

If the server on which the .NET Passport SDK is being installed has an earlier version of the .NET Passport SDK installed and has undergone extensive .NET Passport-related configuration already, the Keep existing configuration settings option may be appropriate. In this case, you may wish to select the components to be installed.

By default, the check box that allows you to specify each component to be installed is not selected. This is because Setup chooses default groups of components that are appropriate for each setup type and environment. However, you can select this box to verify and confirm each component for any of the three setup options. The default component lists for each installation option are shown in the following table.

Deploying Passport Manager

Installing the .NET Passport SDK always installs the Passport Manager server-side object that provides the application programming interface (API) for most of the sign-in and profile service implementation done by a participating site. The .NET Passport SDK can be installed on single or multiple computers used by participating site developers as they integrate .NET Passport sign-in services with their site's existing code.

If you wish to deploy Passport Manager to live Web servers and you wish to install only the bare minimum—the object and files to support your .NET Passport-related code when it has been developed—choose the Production environment option when installing. You may wish initially to install the "/PassportTest" sample site, which can be used for a quick "smoke test" of basic Passport Manager functionality, but remove the VDir after such testing is complete. For more information about using the sample site for testing, see Test Site. For a complete deployment checklist, see Deploying Passport Manager and Site Code.

Uninstalling Passport Manager and the .NET Passport SDK

Uninstall is handled by InstallShield. Uninstall reads the .isu file and removes all unmodified components that were installed initially. Components modified since the initial installation are left in place.

To remove Passport Manager and .NET Passport SDK files

1. From the Start menu, point to Settings, click Control Panel, and then click Add/Remove Programs.
2. From the list box, select Passport Manager, click Remove, and then click Yes to confirm.

Notes

• Read the Readme file related to the SDK version being installed. The Readme file contains late additions to the .NET Passport SDK documentation and new details or instructions about installing the .NET Passport SDK and software.

• Reinstalling the .NET Passport SDK will save any existing configuration settings of a previous Passport Manager installation. To be safe, save these settings first, using the Save menu features of the Passport Manager Administration utility. The InstallShield uninstall program removes most .NET Passport components. However, it does not change the IIS configuration settings or remove Access Control Lists (ACLs) on any files or directories, or any files that you have made any changes to (such as modified Sample Site files).

• Reinstalling the SDK may require that previously installed encryption keys be reinstalled. For information about syntax and procedure, see Installing .NET Passport Encryption Keys.

HTTP-only Cookie Support in Passport Manager 2.5

Cross-site scripting attacks can expose sensitive information about the users of the Web site. In order to help mitigate the risk of cross-site scripting, a new feature has been introduced in Microsoft® Internet Explorer 6. This feature is a new attribute for cookies which helps prevent them from being accessed through client-side script. A cookie with this attribute is called an HTTP-only cookie. Any information contained in an HTTP-only cookie is less likely to be disclosed to a hacker or malicious Web site. New installations of Passport Manager version 2.5 will enable the HTTP-only property in all .NET Passport cookies. When upgrading from an earlier version of Passport Manager, the Setup application will not enable this functionality.

The registry key and value that enable HTTP-only cookies are not imported or exported through the Passport Manager Administration utility. You must manually create a registry entry for each site you want to use this option.

To enable or disable the HTTP-only cookie feature after installation, change the value for the following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Passport\NotUseHTTPOnly

Set to "0" to enable the HTTP-only property in .NET Passport cookies. Set to "1" to disable the HTTP-only property in .NET Passport cookies. In a multi-site configuration, the value must be set for each site:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Passport\Sites\{YourSiteNames}\NotUseHTTPOnly

For more information about HTTP-only cookies, see the MSDN article, Mitigating Cross-site Scripting with HTTP-only Cookies.

See Also

Passport Manager Administration Utility | Deploying Passport Manager and Site Code | Component Configuration Document