donderdag, september 25, 2008

 

Live ID login

Today I experimented with Windows Live authentication. Microsoft has opened up its enormous 'Live' database of accounts (like hotmail.com or live.com), for other sites to use to log in users. It's the successor of MS Passport and free this time. There are more than 350 million Live accounts out there.

It's not like OpenID at all, but since I've implemented that yesterday, I enlarged the concept to also include Live ID Authentication. On the login page you can now choose to login with your traditional about2findout account, an OpenID or a Live ID.

To enable your site for Live ID authentication, you need to register first at Microsoft's site. You need to have the name of the application and a secret key, and where to send the response back.
On your site, you need to include the login button (an iframe script), and retrieve the userid that the Live ID server sends back to you on the page you specified during registration. Use the code from the free Web Authentication SDK.
Because that is all you get: if a user succesfully logs on with their Live ID, you won't get anything but a unique UserID. That means it is up to your site to get email, a friendly username, and other settings you might need. That UserID you can then use to store user information and de the normal login. The way I've implemented it, I store the UserID I get from the LiveID server in my users table, and create a regular account for them behind the screen. Much like I've done for the OpenID implementation in my previous post.

Useful links:
- Peter Bromberg's blog
- public Info Tech blog
- MSDN

PS At the moment, openid and live id are only implemented at the about3findout experimental site, they'll come to the main site when all testing is done.

Labels: ,


# posted by Bert De Coutere @ 3:45 PM 0 comments links to this post