Published: 05 Jan 2007
By: Tomas McGuinness

This article is part two in a series of articles designed to get you up and running with Microsoft's CardSpace technology. This part deals with the setup of a simple application that enabled users to select and submit identity cards. It assumes a basic knowledge of IIS and HTML.

Introduction

In part one we setup a high assurance certificate. Now it’s time to put together a simple application that will use the CardSpace technology for registration and access instead of the standard username/password.

Setup a simple application

The first step we’ll take is to set up a directory for our application and create a quick and dirty default.htm page. Using VS 2005 create a new website. I targeted C:\inetpub\wwwroot\CardSpace. Use the IIS manager to create a virtual directory pointing to this directory and give it the alias CardSpaceTest. We don't use the VS2005 web server here since we need an HTTPS (SSL) connection.

For the purposes of this example I’m going to dispense with the use of two login mechanisms (e.g. username/password and CardSpace) and just concentrate on incorporating CardSpace. As a side note, it would be important to include this since browsers like FireFox and Opera don’t support CardSpace. Microsoft has promised to provide support for these browsers in the future. With our directory setup, create a new page called default. This is the entry point into our application. This page will let us select an identity card that we will eventually submit to the site. To allow us to select a card we need to instruct IE 7 to invoke the CardSpace selector, which looks like this:

There are two ways in which we can declare the CardSpace selector within the page; the use of the OBJECT tag or the use of some XHTML. For this sample I've chosen the OBJECT tag. Here are the contents of default.htm:

Within the object tag the important thing to see for now is the requiredClaims parameter. This outlines what information the card must send in order to be accepted. From this you can see it requires the given or first name, the surname, email address and a private personal identifier. The last one here is important as it provides a unique string for this particular card. This will be useful if you are storing the cards in database as it will help you find the particular user that owns this card. There is a complete list of claims at the end of this article.

Creating your first Personal card

So the page is a very simple one that has just one button. Open IE 7 and navigate to https://www.fabrikam.com/CardSpaceTest/login.htm. You’ll remember from part one that we’ve installed a high assurance certificate here so the address bar should be green. Clicking this button opens the CardSelector;

This card is informing me that the last time I was at this site I declined to send a card. I did that so I could get a screen shot of this dialog. I’m still trying to figure out how to get an image into the site information listing. This page gives you the basic information on the site you’re visiting so you can be sure you’re visiting the correct site before sending your private information. Since we’ve setup this site, let us assume we can trust it. Select “Yes, choose a card to send” and this dialog will open.

Click Add a Card and then click the Add button at the bottom. You’ll be prompted to create a card. Select “Create a Personal card”. This represents a self-signed card. I’ll cover the difference between Personal cards and Managed cards in another article.

Under Card properties you can enter the name of the card to help you identify it and you can choose a simple image for the card. Below that you’ll see three red fields. These fields represent the requiredClaims parameter that we specified for the Card when we declared the OBJECT tag on the default.htm page. The uniquepersonalidentifier isn’t displayed as this is a value generated by CardSpaces internally. While you are free to enter all the other information such as your address it won’t be sent with the card as it’s not a required claim. Once you’ve entered the basic information, save the card.

Since you’ve never submitted this card to this site before, the system will warn you of that and you’ll be forced to review the card’s information.

You can see all the information that will be sent along with the card and can edit any mistakes you might have made. At this point, close the CardSpace window. You'll notice that you get a 404 error as the Card Selector has submitted the form. I'm not sure if this is by design, but if you use the XHTML CardSelector markup, this doesn't occur. I've dropped Microsoft an email about this and if I get an answer I'll post it up on my blog.

Summary

We’ve now setup a page that lets you select and submit a card, but we’ve nothing to actually accept this submission! Go back to the HTML and you’ll see the post attribute of the form points to cardprocessor.aspx. We’re going to use this page to actually process the card information. I’m going to cover this in part three.

I would now like to return to the requiredClaims we’ve specified. In this example we’re only sending four pieces of information but as you have seen, you can include much more. Each of these claims has a particular namespace. Here they are:

  • Given Name = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
  • Email Address = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
  • Surname = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
  • Street Address = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/streetaddress
  • Locality = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/locality
  • State/Province = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/stateorprovince
  • Postal Code = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/postalcode
  • Country = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/country
  • Home Phone = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/homephone
  • Other Phone = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/otherphone
  • Mobile Phone = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/mobilephone
  • Date of Birth = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dateofbirth
  • Gender = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/gender
  • PPID = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier
  • Web site = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/website

[This list was taken from http://msdn2.microsoft.com/en-us/library/aa395199.aspx]

References

Microsoft’s CardSpace: Part 1 – Getting started
Microsoft’s CardSpace: Part 3 – Using a Card

<<  Previous Article Continue reading and see our next or previous articles Next Article >>

About Tomas McGuinness

Tomas McGuinness is currently working as an application developer for Resilient Networks in London and does part-time freelance work on small projects. He has worked primarily in web application development for a variety of companies.

This author has published 4 articles on DotNetSlackers. View other articles or the complete profile here.

Other articles in this category


An inside look at Symmetric Encryption
This article describes the internal workings of symmetric encryption; also known as secret key encry...
The Diffie-Hellman Key Agreement Standard
The Diffie-Hellman Key Agreement Standard describes an algorithm which allows two individual parties...
Microsoft’s CardSpace: Part 3 – Using a Card
This article is the final part in a series of articles designed to get you up and running with Micro...
Protect Code with Skater .NET Obfuscator
Application vulnerabilities, Intellectual Property theft and revenue loss are among the most serious...
Book Review: Understanding Windows CardSpace
Review of the book “Understanding Windows CardSpace”.

You might also be interested in the following related blog posts


Adding IIS Manager Users and Permissions using PowerShell read more
Scenarios for WS-Passive and OpenID read more
What is this Open Cloud Manifesto...anyways??? read more
Clarity Consulting Unveils New Point of Sale (POS) 'Innovation Lane' at National Retail Federation Convention read more
I’m going to MIX09, will I see you there? read more
Clarity Consulting Helps Follett Higher Education Group Expand Market With Direct-to-Customer Sales Solution read more
Software in the cloud: The Relay Service read more
SQL Server Reporting Services Subscriptions with custom security read more
Building Interactive User Interfaces with Microsoft ASP.NET AJAX: Using the UpdatePanel read more
CardSpace interoperability with PHP and Java read more
Top
 
 
 

Discussion


Subject Author Date
placeholder Image in the site information listing Scott Eade 1/21/2007 8:21 PM
Image in the site information listing Tomas McGuinness 1/22/2007 4:57 AM
placeholder Fabrikam cert doesn't work for me - locks up CardSpace Scott Eade 1/23/2007 12:49 AM
Image in the site information listing Scott Eade 1/19/2007 4:04 AM
placeholder Image in the site information listing Tomas McGuinness 1/19/2007 4:53 AM

Please login to rate or to leave a comment.