Implementing Passport Authentication in .NET Web Applications

Some profile attributes are keys into index files. These are located in PassportInstallDirectory>\dictionaries\. The COM interfaces provide a PassportLookupTable class that allows you to load these files and retrieve the values from them. The .NET implementation does not currently provide this; however, you can add a reference to the existing COM component.

Let us familiarize ourself with the PassportIdentity class. Some of the members are listed in the following table.





Compresses information to save bytes being transmitted over the Internet


Decompresses information compressed by the Compress method


Decrypts information based on the key of the current Site ID


Encrypts information based on the key of the current Site ID


Returns a value from the user's profile. The profile elements are available in the SDK. In C#, this property serves as the indexer


The Passport User ID. This is a 64-bit unsigned integer returned via this property as a hexadecimal string. Use System.Convert to coerce this into an UInt64 or any other numeric format that suits your needs.

IsAuthenticated or GetIsAuthenticated

IsAuthenticated is a property that simply returns a bool value indicating if the user is signed in or not.


GetIsAuthenticated is a function that allows you to specify additional parameters such as the time window since they last signed in


Generates an HTML string containing an IMG tag that is based on the user's status with Passport (signed-in or signed-out), embedded within a hyperlink to sign in or out as appropriate



If you've used the COM interfaces to the Passport objects, you should find these familiar-they've been consolidated into the single PassportIdentity class. To put these members to use, create a new C# Web project called MyPassportDemo. When the application core has been created, open the web.config file so you can tell IIS to authenticate resources in this Web application using Passport.

More than likely the file should scream "change me here" to you, but in the event it doesn't, navigate to the authentication element in the document. The legal values for the mode attribute are "Windows", "Forms", "Passport", and "None". Since you're using Passport in this chapter, stick with the "Passport" value. At this point, you've told the framework to authenticate using Passport and could get by with this alone.

For the sake of thoroughness, there are two more configuration changes you can make to alter the Passport behavior. Start by considering a situation when you want to deny anonymous users access to your Web site. This is a pretty simple change, and requires adding the following snippet to your web.config file:



    <deny users="?"/>


This denies all anonymous requests to your site and will force the user to authenticate.


The other Passport-related option in the web.config file is that of specifying the redirectURL. By specifying redirectURL, you'll provide a page of your own to handle any steps you may want to take prior to having a user sign in. A good use for this might be a terms of use screen, although it would most likely frustrate users to have to see that screen repeatedly. That aside, you can specify the option by modifying the "authentication" element as follows:





<authorization mode="Passport">

    <passport redirectURL=""/>



To proceed with the example, undo any changes you made to the web.config file, with the exception of setting the mode attribute of the passport element (passport/@mode=‘Passport'). Next, create a new Web Form called "mainpage.aspx" in the root of the new project.

Right-click the newly created file and select View Code. To work with the appropriate classes, you'll need to reference the namespace by adding the following code to the top of the .cs file:


using System.Web.Security;

Now, open the file in the design view and add a table similar to this:

<table border=0 cellpadding=3 cellspacing=0>


        <td><img src="/support/images/ourLogo.jpg"></td>

        <td runat=server id=scarabCell name=scarabCell></td>




To take this process even further, switch back to the code view of the file and see if it added the reference to the scarabCell. If not, alter the file so that it reads as follows:

public class mainpage : System.Web.UI.Page


    ... other declares ...

    protected HtmlTableCell scarabCell;

    ... rest of code ...


Finally, here's what you've been waiting for-alter the Page_Load() event so that it reads like so:

private void Page_Load(object sender, System.EventArgs e)


    Passportdentity myIdentity=(PassportIdentity)Context.User;

    if (myIdentity.IsAuthenticated)


        scarabCell.InnerHtml="Welcome <b>" + myIdentity.HexPUID + "</b>";





            "",1800,1,"",1033,0,"",10,0); }



Right-click  the "mainpage.aspx" file, make it the start page, and run the application. If all goes well (and you didn't run any other tests that have inadvertent side effects), you should see the Sign In logo on your page. In reality, you should see it either way-the question is whether it will work or not. So, click the logo, and you should be redirected to the Passport login screen. Once you've logged in, you should see a message along the lines of "Welcome FFCA12A ". You may be surprised to see that the name you have registered in your Passport account has become "FFCA ", but in fact it hasn't. The Name property represents your PUID-a 64-bit unsigned integer.


Happy Learning !!!



Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.