InfoCard can bring a new level of security to authenticating users to your site. In this session, take a deep developer look at how this can be achieved. A traditional forms-based authentication implementation is converted to use InfoCard, along with explanations of the Web services, protocols, and security considerations that one needs to understand.
CNIC Information System with Pakdata Cf In Pakistan
From "Username and Password" to InfoCard
1. From Username & Password to "InfoCard" Richard Turner "InfoCard" Product Manager Microsoft Corporation Garrett Serack Program Manager Microsoft Corporation
2.
3. The Imperative to Connect Suppliers & Partners Businesses Employees Friends & Family Consumers
25. 1. Associate a user with a card CREATE PROCEDURE aspnet_infocard_associate (@UserId nvarchar(256), @card nvarchar (50) ) AS ... CREATE PROCEDURE aspnet_infocard_lookup (@card nvarchar (50) ) AS ...
26. 2a. Create an association page <!-- ... --> < button onclick ="javascript:return infocardlogin.submit();"> Update account with your Information Card </ button > < form name ="infocardlogin" target ="_self" method ="post"> < object type ="application/x-informationcard" name ="xmlToken"> < param name ="tokenType" value ="urn:oasis:names:tc:SAML:1.0:assertion"> < param name ="issuer“ value ="http://schemas..../identity/issuer/self"> < param name ="requiredClaims" value ="http://.../claims/givenname, http://.../claims/surname, http://../claims/emailaddress, http://.../claims/privatepersonalidentifier"> </ object > </ form > <!-- ... -->
27. 2b. Create an association page public partial class Associate_aspx : System.Web.UI. Page { protected void Page_Load( object sender, EventArgs e) { // check if an xmlToken is posted string xmlToken = Request[ "xmlToken" ]; if (xmlToken != null ) { TokenHelper tokenHelper = new TokenHelper (xmlToken); // get the unique id string uniqueID = tokenHelper.getUniqueID(); if (uniqueID != null && uniqueID != "" ) { //store it with the account. MembershipUser user = Membership .GetUser(); MembershipHelper .AssociateUser( user.UserName, uniqueID ); } } } }
28. 3a. Update the sign in page <!-- ... --> < button onclick ="javascript:return infocardlogin.submit();"> Sign in with your Information Card </ button > < form name ="infocardlogin" target ="_self" method ="post"> < object type ="application/x-informationcard" name ="xmlToken"> < param name ="tokenType" value ="urn:oasis:names:tc:SAML:1.0:assertion"> < param name ="issuer“ value ="http://schemas..../identity/issuer/self"> < param name ="requiredClaims" value ="http://.../claims/givenname, http://.../claims/surname, http://../claims/emailaddress, http://.../claims/privatepersonalidentifier"> </ object > </ form > <!-- ... -->
29. 3b. Update the sign in page public partial class Login_aspx : System.Web.UI. Page { protected void Page_Load( object sender, EventArgs e) { string xmlToken = Request[ "xmlToken" ]; TokenHelper tokenHelper = new TokenHelper (xmlToken); // Lookup the account using the uniqueId string username = MembershipHelper .GetUser( tokenHelper.getUniqueID()); if (username != null ) { MembershipUser user = Membership .GetUser(username); // give the cookie back to the browser. FormsAuthentication .SetLoginCookie(user.UserName, false ); } } }
30. 4a. Update the registration page <!-- ... --> < button onclick ="javascript:return infocardlogin.submit();"> Register with your Information Card </ button > < form name ="infocardlogin" target ="_self" method ="post"> < object type ="application/x-informationcard" name ="xmlToken"> < param name ="tokenType" value ="urn:oasis:names:tc:SAML:1.0:assertion"> < param name ="issuer“ value ="http://schemas..../identity/issuer/self"> < param name ="requiredClaims" value ="http://.../claims/givenname, http://.../claims/surname, http://../claims/emailaddress, http://.../claims/privatepersonalidentifier"> </ object > </ form > <!-- ... -->
35. "InfoCard" Summary Labs available in the MIX Sandbox! Consistent authentication for digital identities Reduces chances of being phished Adopting takes little developer effort