Microsoft KB Archive/315734

= HOW TO: Secure an ASP.NET Application by Using Microsoft Passport =

Article ID: 315734

Article Last Modified on 8/5/2004


APPLIES TO


 * Microsoft Passport 2.5




This article was previously published under Q315734



IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry





IN THIS TASK

 * SUMMARY
 * Requirements
 * Install Passport 2.5 SDK
 * Configure Windows XP Client for Pre-Production Mode
 * Create a Pre-Production Mode Passport Account
 * Create an ASP.NET Site that Uses Passport Authentication
 * Passport Sign In
 * Troubleshoot
 * REFERENCES



SUMMARY
This step-by-step article describes how to set up and use Passport in test mode. Microsoft .NET Passport provides Web-based authentication with Single Sign-In service, Kids Passport service, and Wallet service. Microsoft Passport provides Single Sign-in authentication service to secure Web applications. In a Passport-enabled site, you can sign in by using your Passport account. Your Passport account may also be used to sign in to thousands of other Web sites.


Requirements
To set up and use Passport in test mode, Microsoft recommends the following hardware, software, network infrastructure, skills, knowledge, and service packs:
 * Use a computer that is running Microsoft Windows 2000 Server with Service Pack 2 (SP2) or Microsoft Windows 2003 Server.

You can use Microsoft Windows XP Professional for testing.
 * Use Internet Information Services (IIS) version 5.0.
 * Use Internet Explorer 6.0.
 * Use Microsoft Visual Studio .NET Beta 2.0 or Release Candidate.
 * Be connected to the Internet.
 * Have prior knowledge about Microsoft Visual Basic .NET or Microsoft Visual C# .NET.


Install Passport 2.5 Software Development Kit (SDK)
To install the Passport 2.5 SDK, follow these steps:
 * 1) Visit the following Microsoft uniform resource locator (URL):

http://download.microsoft.com/download/e/8/1/e8197a24-dd81-48c3-9db2-be5fed8bed84/ppm_sdk_v2_5.exe
 * 2) Click to select Save this program to disk, and then click OK.
 * 3) Save the setup file to your hard disk.
 * 4) When the download completes, double-click ppm_sdk_v2_5.exe to start the installation procedure.
 * 5) On the Welcome page, click Next.
 * 6) On the License Agreement page, click Yes.
 * 7) On the Destination Path page, specify the path for the Passport SDK files, and then click Next.
 * 8) On the Setup Type page, click to select Development/Test, and then click Next.
 * 9) On the Select Folder page, specify the program folder that displays the Passport SDK icons, and then click Next.
 * 10) On the Select Web Site page, click to select Default Web Site, and then click Next.

Setup stops IIS, installs Passport SDK, and then restarts IIS. Next, Internet Explorer launches and tries to open the local PassportTest Web site.

Click Refresh on the Internet Explorer toolbar if you receive the following error message:

"This page cannot be displayed"
 * 11) When the network map is updated, read the page that appears. Passport is installed in test mode. Your site is not registered on the Passport servers, and the total functionality is not available. However, you can use Passport to build sites that authenticate users.


Configure Windows XP Client for Pre-Production Mode
WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

A Windows XP client can associate a Passport account with each user. If you use a Windows XP client, follow these steps to make sure you use the Passport database in pre-production mode instead of production mode.
 * 1) Start Registry Editor (Regedit.exe), and then delete the contents of the following two registry keys:

-and-
 * 2) Download the pre-production mode registry script from the following Microsoft Web site:

Microsoft .NET Passport

http://www.passport.com/downloads/blaze-default.reg
 * 3) Double-click the blaze-default.reg registry script to add the pre-production mode Passport information to the registry.


Create a Pre-Production Mode Passport Account
To test your Passport functionality, create one or more pre-production mode Passport accounts. To use Windows 2000 while you create a pre-production mode Passport account, follow these steps:
 * 1) Visit the following URL by using Internet Explorer:

http://localhost/PassportTest
 * 2) Click Sign In to redirect to the Passport logon server.
 * 3) Click Get one now to create a pre-production environment Passport account. Complete the form by using the e-mail address of your choice.

Note You cannot use any of your existing Passport accounts when you install Passport in pre-production mode. Pre-production environments use a user database that is separate from production sites.
 * 4) When you register your new Passport, verify that you are redirected back to the URL from step 1.

Notice the default account details that are used when Passport is installed in test mode. The details you type in the form are ignored until you register your site.
 * 5) Close Internet Explorer.

To use Windows XP, follow these steps:
 * 1) From Control Panel, start the user accounts application. View the properties of your user account.
 * 2) If your Passport account is already associated with your Windows XP user account, click Change my .NET Passport, and then click to select Use a Different Passport.

If your Passport account is not already associated with your Windows XP user account, click Set up my account to use a .NET Passport, and then click Next on the first page of the wizard. Use the wizard to create a Passport account and associate it with your Windows XP user account. The pre-production mode account is created because of the registry editing that permits you to use Passport in pre-production mode.

You can also create pre-production accounts by visiting the following Web site:

Microsoft .NET Passport

www.passport-ppe.com


Create an ASP.NET Site that Uses Passport Authentication
 * 1) Start Visual Studio .NET.
 * 2) Create a new ASP.NET Web Application project by using Visual Basic .NET or Visual C# .NET.
 * 3) Name the project PassportSite.
 * 4) In Solution Explorer, double-click Web.config.
 * 5) Change the mode attribute value of the authentication element to Passport, as follows:

    <authentication mode="Passport" />
 * 6) Right-click WebForm1.aspx, and then click View Code.
 * 7) Add the following code to the class declaration:

Visual Basic .NET

    Imports System.Web.Security

Visual C# .NET

    using System.Web.Security;
 * 8) Add the following code to the Page_Load event:

Visual Basic .NET

    Dim pi As New PassportIdentity
    ' Display the Passport Sign-in / Sign-out logo
    Response.Write(pi.LogoTag2(Request.Url.ToString, 60, False, Nothing, -1, False, Nothing, -1, False))
    ' Check user authentication and display the Passport ID of logged in users
    If pi.IsAuthenticated Then
        Response.Write("<BR> Your Passport ID is " & pi.Name)
    Else
        Response.Write("<BR> Please log in by clicking the Passport logo above")
    End If

Visual C# .NET

    PassportIdentity pi = new PassportIdentity();
    // Display the Passport Sign-in / Sign-out logo
    Response.Write(pi.LogoTag2(Request.Url.ToString(), 60, false, "", -1, false, "", -1, false));
    // Check user authentication and display the Passport ID of logged in users
    if (pi.IsAuthenticated)
    {
        Response.Write("<BR> Your Passport ID is " + pi.Name);
    }
    else
    {
        Response.Write("<BR> Please log in by clicking the Passport logo above");
    }
 * 9) Build and then save the project.


Passport Sign In

 * 1) Start PassportSite.

By default, WebForm1.aspx is displayed.
 * 2) Click Sign In.
 * 3) Sign in to Passport by using the pre-production mode account that you previously registered.

When you sign in, you are returned to the WebForm1.aspx page. This page displays a Sign Out logo and your Passport ID.


Troubleshoot
When you experiment with Passport authentication in ASP.NET applications, you can use the authorization element to deny anonymous access to some or all pages in the site. This causes a default sign-in page to be displayed.
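
The authorization setting described above, shown as a Web.config for the PassportSite project. This is an added example and is not part of the original article; Members.aspx is a hypothetical page name used only for illustration.

```xml
<!-- Added example: Web.config for PassportSite. Members.aspx is a hypothetical page. -->
<configuration>
  <system.web>
    <!-- Passport authentication, as set in the procedure above. -->
    <authentication mode="Passport" />

    <!-- Site-wide default: every user, including anonymous ones, may browse.
         To protect ALL pages instead, replace the allow rule with
         <deny users="?" /> here and drop the location block below. -->
    <authorization>
      <allow users="*" />
    </authorization>
  </system.web>

  <!-- Protect SOME pages: only this page requires a signed-in Passport user.
       "?" matches unauthenticated (anonymous) requests. -->
  <location path="Members.aspx">
    <system.web>
      <authorization>
        <deny users="?" />
      </authorization>
    </system.web>
  </location>
</configuration>
```

Authorization rules are evaluated in order and the first match wins, so a deny rule placed after allow users="*" in the same authorization element never takes effect.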

When you use Visual Studio .NET Beta 2.0, modify the Machine.config file in the <WindowsDirectory>\Microsoft.NET\Framework\ \CONFIG folder. This modification is required because of a bug in Visual Studio .NET Beta 2.0. This bug is resolved in later versions of Visual Studio .NET.

To create the modification, open Machine.config in Visual Studio, and then use the Find and Replace tool with the Match Case option enabled to replace  with. You can then save Machine.config and restart IIS by using the IISRESET.exe command line tool.
