Integrate Windows Live ID Authentication Into Your Website

Microsoft recently released an SDK that allows you to integrate Windows Live ID authentication into your Website (ASP.NET or any other).  To get started you'll need to register your application and get an application ID.  From there it's quite straightforward especially since a sample application that uses Windows Live ID is available to download.  Sample code is available for ASP.NET, Java, Perl, PHP, Python, and Ruby.

Once you've registered your site and obtained an application ID you can embed an iframe into the page where users need to sign-in.  The iframe points to the windows Live ID authentication page and passes it your application ID:

<iframe 
   id="WebAuthControl" 
   name="WebAuthControl"
   src="http://login.live.com/controls/WebAuth.htm?appid=<%=AppId%>&style=font-size%3A+10pt%3B+font-family%
3A+verdana%3B+background%3A+white%3B"
width="80px" height="20px" marginwidth="0" marginheight="0" align="middle" frameborder="0" scrolling="no"> </iframe>

Once the end user signs-in they'll be redirected to the landing page you specified when you registered the application with WIndows Live ID services.  This page needs to process the response and set a cookie if the user successfully signed-in to Windows Live ID.  The following code (from the SDK sample) shows how you can check what action is being performed and then log the user into or out of your site as appropriate through cookies.  The code relies upon a class named WindowsLiveLogin that is available in the SDK sample code mentioned above.

public partial class HandlerPage : System.Web.UI.Page
{
    const string LoginPage = "default.aspx";
    const string LogoutPage = LoginPage;
    const string LoginCookie = "webauthtoken";
    static DateTime ExpireCookie = DateTime.Now.AddYears(-10);
    static DateTime PersistCookie = DateTime.Now.AddYears(10);

    // Initialize the WindowsLiveLogin module.
    static WindowsLiveLogin wll = new WindowsLiveLogin(true);

    protected void Page_Load(object sender, EventArgs e)
    {
        HttpRequest req = HttpContext.Current.Request;
        HttpResponse res = HttpContext.Current.Response;

        // Extract the 'action' parameter from the request, if any.
        string action = req.QueryString.Get("action");

        /*
          If action is 'logout', clear the login cookie and redirect
          to the logout page.

          If action is 'clearcookie', clear the login cookie and
          return a GIF as response to signify success.

          By default, try to process a login. If login was
          successful, cache the user token in a cookie and redirect
          to the site's main page.  If login failed, clear the cookie
          and redirect to the main page.
        */

        if (action == "logout")
        {
            HttpCookie loginCookie = new HttpCookie(LoginCookie);
            loginCookie.Expires = ExpireCookie;
            res.Cookies.Add(loginCookie);
            res.Redirect(LogoutPage);
            res.End();
        } 
        else if (action == "clearcookie")
        {
            HttpCookie loginCookie = new HttpCookie(LoginCookie);
            loginCookie.Expires = ExpireCookie;
            res.Cookies.Add(loginCookie);

            string type;
            byte[] content;
            wll.GetClearCookieResponse(out type, out content);
            res.ContentType = type;
            res.OutputStream.Write(content, 0, content.Length);

            res.End();
        } 
        else 
        {
            WindowsLiveLogin.User user = wll.ProcessLogin(req.Form);

            HttpCookie loginCookie = new HttpCookie(LoginCookie);
            if (user != null)
            {
                loginCookie.Value = user.Token;

                if (user.UsePersistentCookie)
                {
                    loginCookie.Expires = PersistCookie;
                }
            } 
            else 
            {
                loginCookie.Expires = ExpireCookie;
            }   

            res.Cookies.Add(loginCookie);
            res.Redirect(LogoutPage);
            res.End();
        }
    }
}

You can also integrate other Windows Live controls into your pages.  An example of integrating the Windows Live Contacts Control into a page is available here.  More information about integrating Windows Live ID services into your applications can be found here.

comments powered by Disqus

1 Comment

  • As far as I read through all that stuff we don't have access to any account information of a Live User. I currently use the ASP.NET v2.0 Membership Class for my application, cool would be:
    - User signs in via Live ID
    - UserName, E-Mail and Password is also being added to my ASP.NET Membership Database
    .. but looks like that's not possible, is it? This would cut off direct custom profile fields, statistics newsletters, etc..
    Best regards, Andreas

Comments have been disabled for this content.