Microsoft KB Archive/303736

= INFO: Setting Microsoft Passport Manager Defaults =

Article ID: 303736

Article Last Modified on 4/9/2004

-

APPLIES TO


 * Microsoft Passport Network 3.0
 * Microsoft Passport 1.3
 * Microsoft Passport 1.4

-



This article was previously published under Q303736



SUMMARY
Although some parameters of Microsoft Passport methods are listed as optional, such as PassportManager.LoginUser, the methods still generate URLs or generate results that reflect inherent default values when they are called.

These default parameter values can be used to provide consistent site-wide values, such as the required time window that all users must be authenticated in. Use the Passport Manager Administration utility to set these defaults.



MORE INFORMATION
The primary defaults that affect the Passport Manager object and the Passport FastAuth method implementation are the following values:


 * Time Window: Change this value to the default time window that you want to set.

The time window specifies how old a Ticket may be before the IsAuthenticated method returns False for an otherwise valid Ticket. The time window also qualifies how old a Ticket that is submitted to the Login server may be without requiring a refresh for the LoginUser method, the AuthURL2 method, or the LogoTag2 method. The installed default is 1800 seconds (equal to 30 minutes).
 * Force Login: Change this value to True (selected) or False (cleared).

True indicates that the Ticket, as read by IsAuthenticated, must represent a refresh where you enter a password (not a silent refresh) for IsAuthenticated to return True. A True default for Force Login also changes the behavior at the Login server for any user who is sent to the server by URLs that are derived from LoginUser, AuthURL2, or LogoTag2. Specifically, the Login server does not silently refresh, and the Login server always prompts you for a password if the existing Ticket is past the supplied time window.

A False default for Force Login indicates that any Ticket in the time window is acceptable either to the IsAuthenticated method or to handling at the Login server, as accessed through the AuthURL2 or LogoTag2 output URLs or as accessed through a LoginUser redirect.
 * Language ID: If a server on your site is dedicated to a particular language or locale, you may want to set the Language ID on that server to be a consistent value instead of declaring the locale identifier (LCID) in each method call. The Language ID declares the language that Passport service pages (such as Sign-in and Registration) render in when they are obtained with the URL results of LoginUser, AuthURL2, LogoTag2, or GetDomainAttribute.

Note If you expect your site to handle multiple languages, and your site uses either Passport profile information or browser sniffing to determine the user’s probable language choice, you may want to declare LCID by method call or by user access.
 * Other Passport Manager Administration Utility Values: Typically, it is best not to set Cobrand Args and Return URL as site-wide defaults. It is best to leave these values blank, and then set them on each method call. Other attributes set in the Passport Manager Administration utility do not necessarily affect Passport Manager or Passport FastAuth method defaults directly.

Note Microsoft Passport 2.5 introduces the Security Level setting. By default, Security Level is set to 10 or to Secure Sockets Layer (SSL). If your site is HTTP only (it does not use SSL), you must change this setting to 0.

