Letâs Log In with CardSpace!
With that brief introduction to CardSpace, letâs talk about the requirements for invoking the CardSpace user interface from an ASP.NET page. Here is a list of basic requirements:
Your web site must be SSL-enabled.
A recent build of IE 7 is required for a browser experience with CardSpace.
Your ASP.NET pages can use the
<object>
tag or XHTML syntax to trigger the CardSpace experience.When the security token is posted to the web site, you are responsible for processing the claims inside the token, and using them to authenticate calls.
Example B-1 illustrates the use of the
<object>
tag to launch the CardSpace user
interface. The <object>
tag can be placed inside
the header or in the <form>
tag. When the
ImageButton posts back to the server, the information card object is instantiated, using
parameters as input. The Windows desktop is locked down at this point with the CardSpace UI
presented. After the user selects a card, CardSpace processes the request and returns a
signed and encrypted token to the browser. This token is posted to the server as a form
parameter by the name âxmlTokenEncryptedâ per the <object>
tag name in Listing 1.
Example B-1. Invoking CardSpace with the <object> tag
<form name="formCardSpaceLoginOBJECT" method="post" id="formCardSpaceLoginOBJECT" runat="server"> ... <object type="application/x-informationCard" name="xmlTokenEncrypted" id="xmlTokenEncrypted"> <param name="tokenType" value="urn:oasis:names:tc:SAML:1.0:assertion"/> ...
Get Learning WCF now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.