Let’s Log In with CardSpace!

With that brief introduction to CardSpace, let’s talk about the requirements for invoking the CardSpace user interface from an ASP.NET page. Here is a list of basic requirements:

  1. Your web site must be SSL-enabled.

  2. A recent build of IE 7 is required for a browser experience with CardSpace.

  3. Your ASP.NET pages can use the <object> tag or XHTML syntax to trigger the CardSpace experience.

  4. When the security token is posted to the web site, you are responsible for processing the claims inside the token, and using them to authenticate calls.

Example B-1 illustrates the use of the <object> tag to launch the CardSpace user interface. The <object> tag can be placed inside the header or in the <form> tag. When the ImageButton posts back to the server, the information card object is instantiated, using parameters as input. The Windows desktop is locked down at this point with the CardSpace UI presented. After the user selects a card, CardSpace processes the request and returns a signed and encrypted token to the browser. This token is posted to the server as a form parameter by the name “xmlTokenEncrypted” per the <object> tag name in Listing 1.

Example B-1. Invoking CardSpace with the <object> tag

<form name="formCardSpaceLoginOBJECT" method="post" id="formCardSpaceLoginOBJECT" runat="server"> ... <object type="application/x-informationCard" name="xmlTokenEncrypted" id="xmlTokenEncrypted"> <param name="tokenType" value="urn:oasis:names:tc:SAML:1.0:assertion"/> ...

Get Learning WCF now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial