Browse by Tags

• Adding CardSpace Support to DasBlog - Part 4 (Registering a User)

  So far, we've added the ability to log in using an InfoCard. But how does the InfoCard get registered? Pretty simple: you add another <input> called "Register InfoCard", and invoke the same exact client script to pop up the InfoCard UI. Then, in the ASP.NET postback handler, you create a new entry in the siteSecurity.config file (which stores all the userid/password pairs for registered users), but add a "Pending" flag to the User structure to make sure the user entries aren't active until the user is validated, and a "PendingID" field to store the GUID that will be passed back in when the user clicks the validation link. First, the changes to SiteSecurity.cs. We add the fields mentioned above to the User class: public class User { string name; string password; // other fields omitted.. // true if the user is still being validated bool pending = false ; > Guid pendingID; // other properties omitted.. public bool Pending { get { return pending; } set { pending = value ; } } public Guid PendingID { get { return pendingID; } set { pendingID = value ; } } } And we add the following methods to class SiteSecurity: /// <summary> /// This function adds a user using a string containing the claims /// from a SAML token. /// </summary> /// <param name="claimString"> The claim string </param> /// <param name="id"> The id of the pending user validation request </param> /// public static void AddPendingUser( string claimString, Guid id) { Token token = new Token (claimString); string userName = GetUserNameFromToken(token); AddUser(userName, token.UniqueID, "commenter" , true , token.Claims[ ClaimTypes .Email], true , id); } /// <summary> /// This function approves a pending user validation request, without doing any validation /// on any incoming claims /// </summary> /// <param name="id"> The ID of the pending user validation request </param> /// <returns> A boolean corresponding to the status of the operation </returns> public static bool ApprovePendingUser( Guid id) { if (id != null ) { SiteSecurityConfig ssc = GetSecurity(); User user = ssc.GetUserByPendingID(id); if (user == null ) return false ; user.Pending = false ; SetSecurity(ssc); return true ; } return false ; } /// <summary> /// This function approves a pending user validation request provided /// that the claim string passed in matches the original claim string /// </summary> /// <param name="claimString"> The claim Read More... Posted Sunday, January 07, 2007 9:23 PM from OhmBlog | 0 Comments Filed under: Blogging;CardSpace;Indigo AKA WCF;Web Services/XML

• Adding CardSpace Support to DasBlog - Part 3 (Browser Script)

  So how does one add InfoCard support to a web page? The first think you have to do is add the CardSpace <object> tag to the page, adding some javascript to call the object and get the token, and associated that script with a button on the page. The "UsingCardSpaceWithIE7" sample in the .NET FX 3.0 SDK (the Vista download page has a good overview of what's necessary to get a dev environment going for .NET FX 3.0). Here's what the object tag looks like: < object type ="application/x-informationcard" name =" _ xmlToken "> < param name ="tokenType" value ="urn:oasis:names:tc:SAML:1.0:assertion" /> < param name ="requiredClaims" value ="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier" /> </ object > > You put this somewhere in the <head> of the HTML, so that it's available to the page. Given that dasBlog generates the head portion of the page dynamically, I had to add some code to SharedBasePage.cs:ProcessTemplates() to add this to the page that gets generated. Then, you need to add some script to "dereference" that object tag which causes the CardSpace dialog to pop up, assuming you're running over HTTPS (more on that in a future post). LoginBox.ascx <% @ Control Language ="c#" AutoEventWireup ="false" Codebehind ="LoginBox.ascx.cs" Inherits ="newtelligence.DasBlog.Web.LoginBox" TargetSchema =" http://schemas.microsoft.com/intellisense/ie5 " %> < script language ="javascript"> function GetWCSToken() { var xmltkn=document.getElementById( " _ xmltoken " ); var wcslabel = document.getElementById( "LoginBox_wcstoken" ); wcslabel.value = xmltkn.value ; } </ script > < div class ="signInContainerStyle" id ="login"> < table class ="signInTableStyle"> <!-- omitted some irrelevant stuff --> < tr > < td class ="signInEditCellStyle" colSpan ="2"> < asp : Button ID ="doCardSpaceSignIn" runat ="server" CssClass ="signInButtonStyle" OnClick ="doCardSpaceSignIn_Click" OnClientClick ="BLOCKED SCRIPTGetWCSToken();" Text ='CardSpace Sign-In' Width ="147px" /> &nbsp;&nbsp; < asp : Button ID ="doRegisterCardSpace" runat ="server" CssClass ="signInButtonStyle" OnClick ="doRegisterCardSpace_Click" OnClientClick ="BLOCKED SCRIPTGetWCSToken();" Text ='Register CardSpace' Read More... Posted Sunday, January 07, 2007 8:54 PM from OhmBlog | 0 Comments Filed under: Blogging;CardSpace;Indigo AKA WCF;Web Services/XML

• Adding CardSpace Support to DasBlog - Part 2

  So, how does CardSpace add value to a site like, say, OhmBlog ? There are a few potential applications: Authenticating as an admin with an InfoCard. This is a nice convenience because I don't have to remember my admin userid and password. Allowing users to register and login with their InfoCards. Kim Cameron led the way here with his IdentityBlog . Kim only allows authenticated users to leave comments on his blog. Requiring users to submit an InfoCard in order to leave a comment - this is to prevent spambots from drowning your blog with their drivel. DasBlog's "Captcha" feature also works well here, but CardSpace is harder yet to script, because it puts up a private secure desktop. Picking up personal information from the claims in the InfoCard and using them to populate the commenter's personal information (name, e-mail address) when leaving a comment. I've implemented support for the first 3, and will add support for the fourth shortly (after the work that's already been done, it should be trivial). Next, I'll talk about how a developer would add CardSpace support to a website... Read More... Posted Sunday, January 07, 2007 7:53 PM from OhmBlog | 0 Comments Filed under: Blogging;CardSpace;Indigo AKA WCF;Web Services/XML