Windows Live Authentication in Commerce Server 2007 Starter Site

ravikanth | August 17, 2008

Commerce server provides independent profile mechanism for authorization. Windows live Id is Microsoft Internet based software service that is designed to manage identity & trust within the Microsoft eco system. Let’s leverage the Windows Live ID as a login authentication method for an e-Commerce site. Using a username and password that the user is familiar with will reduce the costs and time spent on managing user identities. This article will describe the process of integrating Windows Live ID with the Commerce Server Starter Site.

Following are the steps in authentication process

  1. User clicks on sign-in or sign-out button in starter site.
  2. If user already signed in then
    1. Retrieve user’s unique identifier from stoken.
      1. If User has commerce server profile
        1. If yes, validate user and perform other login tasks.
        2. Starter site will display personalized contents to the user.
      2. If user doesn’t have commerce server profile
        1. Redirect the user to registration page.
        2. User fills the registration form.
        3. Create user profile and other login tasks.
        4. Starter site will display personalized contents to the user.
  3. If user hasn’t signed in then
    1. Redirect user to windows live ID.
    2. Windows live ID authentication process will happen.
    3. Redirect to starter site. 

This is two step process.

  1. Register your application with windows live.
  2. Change your web site to use windows live ID.

Click on below URL to register your application with windows live
https://msm.live.com/app/

The second step is to do following changes in starter site so that the application asks windows ID authentication instead of default profile authentication. Here are the steps.

  • Copy WindowsLiveLogin.cs (from the Web Authentication SDK, downloaded above) to the Starter Site’s App_Code directory. You can download web authentication SDK from below link
    http://www.microsoft.com/downloads/details.aspx?FamilyId=24195B4E-6335-4844-A71D-7D395D20E67B&displaylang=en
  • Create a new login page say LiveIDLoginPage.aspx
  • Create a new registration page say LiveIDRegistrationPage.aspx.
  • Update the Starter Site’s web.config file to reference the new pages – e.g. loginUrl=“~//LiveIDLoginPage.aspx”
  • Add the following <appSettings> section to the web.config file. Make sure you set your application values appropriately.
    <appSettings>
    <add key=”wll_appid” value=”123456789″/>
    <add key=”wll_secret” value=”MySecretKeyForStarterSite”/>
    <add key=”wll_securityalgorithm” value=”XXXXX”/>
    </appSettings>
  • In your LiveIDLoginPage.aspx page, verify if the user has already been authenticated by Windows Live ID. If not, redirect to Windows Live ID sign-in page.
  • Retrieve user’s unique identifier and verify if profile exists in Commerce Server. Redirect to new user registration page if needed

This article will help you to understand how to implement window Live Id authentication and doesn’t provide end to end code? Many companies doesn’t want the user profile created at different entity (like passport authentication). Here we are using windows live ID only for authentication and rest of the user details are captured during registration process. This will help us to perform targeting our site content appropriately.

 

Comments
No Comments »
Categories
commerce server 2007
Tags
, , , ,
Comments rss Comments rss
Trackback Trackback