In part one we set up a high assurance certificate. Now it’s time to put together a simple application that will use the CardSpace technology for registration and access instead of the standard username/password.
Set up a simple application
The first step we’ll take is to set up a directory for our application and create a quick and dirty default.htm page. Using VS 2005 create a new website. I targeted C:\inetpub\wwwroot\CardSpace. Use the IIS manager to create a virtual directory pointing to this directory and give it the alias CardSpaceTest. We don't use the VS2005 web server here since we need an HTTPS (SSL) connection.
For the purposes of this example I’m going to dispense with the use of two login mechanisms (e.g. username/password and CardSpace) and just concentrate on incorporating CardSpace. As a side note, it would be important to include both, since browsers like Firefox and Opera don’t support CardSpace. Microsoft has promised to provide support for these browsers in the future. With our directory set up, create a new page called default. This is the entry point into our application. This page will let us select an identity card that we will eventually submit to the site. To allow us to select a card we need to instruct IE 7 to invoke the CardSpace selector.
There are two ways in which we can declare the CardSpace selector within the page: the use of the OBJECT tag or the use of some XHTML. For this sample I've chosen the OBJECT tag. Here are the contents of default.htm:
In the OBJECT tag the important thing to see for now is the requiredClaims parameter. This outlines what information the card must send in order to be accepted. From this you can see it requires the given or first name, the surname, the email address and a private personal identifier. The last one is important as it provides a unique string for this particular card. This will be useful if you are storing the cards in a database, as it will help you find the particular user that owns this card. There is a complete list of claims at the end of this article.
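As an added example (not the author's default.htm listing), this JavaScript generates a form of the kind described above: an OBJECT element whose requiredClaims value is built from the four claims the article names, posting to cardprocessor.aspx. It rejects claim names that are not in the list at the end of this article, so a typo does not silently change what the card is asked to disclose. The issuer and tokenType values, the xmlToken field name, the button label and the function names are assumptions, not taken from the page.

```javascript
const CLAIM_NS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/";
// Claim names from the list at the end of the article.
const KNOWN_CLAIMS = new Set([
  "givenname", "emailaddress", "surname", "streetaddress", "locality",
  "stateorprovince", "postalcode", "country", "homephone", "otherphone",
  "mobilephone", "dateofbirth", "gender", "privatepersonalidentifier", "website",
]);
// Assumptions (not on the page): self-issued card issuer and SAML assertion token type.
const SELF_ISSUER = "http://schemas.xmlsoap.org/ws/2005/05/identity/issuer/self";
const TOKEN_TYPE = "urn:oasis:names:tc:SAML:1.0:assertion";

// Escape a value for use inside a double-quoted HTML attribute.
function escapeAttr(s) {
  return String(s).replace(/&/g, "&amp;").replace(/"/g, "&quot;")
    .replace(/</g, "&lt;").replace(/>/g, "&gt;");
}

// Map short claim names to full claim URIs, rejecting typos and duplicates.
function claimUris(names) {
  const seen = new Set();
  return names.map((name) => {
    if (!KNOWN_CLAIMS.has(name)) throw new Error("unknown claim: " + name);
    if (seen.has(name)) throw new Error("duplicate claim: " + name);
    seen.add(name);
    return CLAIM_NS + name;
  });
}

// Build the form that invokes the selector on submit (hypothetical helper).
function buildCardSelectorForm(requiredClaims, action) {
  // The PPID is the per-card key used to find the user's stored record.
  if (!requiredClaims.includes("privatepersonalidentifier")) {
    throw new Error("requiredClaims must include privatepersonalidentifier");
  }
  const claims = claimUris(requiredClaims).join(" "); // space-separated URIs
  return [
    `<form method="post" action="${escapeAttr(action)}">`,
    `  <object type="application/x-informationcard" name="xmlToken">`,
    `    <param name="tokenType" value="${TOKEN_TYPE}" />`,
    `    <param name="issuer" value="${SELF_ISSUER}" />`,
    `    <param name="requiredClaims" value="${claims}" />`,
    `  </object>`,
    `  <input type="submit" value="Sign in with a card" />`,
    `</form>`,
  ].join("\n");
}

// The four claims the article requires.
const ARTICLE_CLAIMS = ["givenname", "surname", "emailaddress", "privatepersonalidentifier"];
console.log(buildCardSelectorForm(ARTICLE_CLAIMS, "cardprocessor.aspx"));
```

Requesting only the claims the site actually stores keeps the card's disclosure to those fields; anything else the user types into the card stays on their machine.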
Creating your first Personal card
So the page is a very simple one that has just one button. Open IE 7 and navigate to https://www.fabrikam.com/CardSpaceTest/login.htm. You’ll remember from part one that we’ve installed a high assurance certificate here so the address bar should be green. Clicking this button opens the CardSelector.
This card is informing me that the last time I was at this site I declined to send a card. I did that so I could get a screen shot of this dialog. I’m still trying to figure out how to get an image into the site information listing. This page gives you the basic information on the site you’re visiting so you can be sure you’re visiting the correct site before sending your private information. Since we’ve set up this site, let us assume we can trust it. Select “Yes, choose a card to send” and the next dialog will open.
Click Add a Card and then click the Add button at the bottom. You’ll be prompted to create a card. Select “Create a Personal card”. This represents a self-signed card. I’ll cover the difference between Personal cards and Managed cards in another article.
Under Card properties you can enter the name of the card to help you identify it and you can choose a simple image for the card. Below that you’ll see three red fields. These fields represent the requiredClaims parameter that we specified for the Card when we declared the OBJECT tag on the default.htm page. The uniquepersonalidentifier isn’t displayed as this is a value generated by CardSpace internally. While you are free to enter all the other information, such as your address, it won’t be sent with the card as it’s not a required claim. Once you’ve entered the basic information, save the card.
Since you’ve never submitted this card to this site before, the system will warn you of that and you’ll be forced to review the card’s information.
You can see all the information that will be sent along with the card and can edit any mistakes you might have made. At this point, close the CardSpace window. You'll notice that you get a 404 error as the Card Selector has submitted the form. I'm not sure if this is by design, but if you use the XHTML CardSelector markup, this doesn't occur. I've dropped Microsoft an email about this and if I get an answer I'll post it up on my blog.
We’ve now set up a page that lets you select and submit a card, but we’ve nothing to actually accept this submission! Go back to the HTML and you’ll see that the form posts to cardprocessor.aspx. We’re going to use this page to actually process the card information. I’m going to cover this in part three.
I would now like to return to the requiredClaims we’ve specified. In this example we’re only sending four pieces of information but, as you have seen, you can include much more. Each of these claims is identified by its own URI. Here they are:
- Given Name = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
- Email Address = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
- Surname = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
- Street Address = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/streetaddress
- Locality = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/locality
- State/Province = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/stateorprovince
- Postal Code = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/postalcode
- Country = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/country
- Home Phone = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/homephone
- Other Phone = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/otherphone
- Mobile Phone = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/mobilephone
- Date of Birth = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dateofbirth
- Gender = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/gender
- PPID = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier
- Web site = http://schemas.xmlsoap.org/ws/2005/05/identity/claims/website
[This list was taken from http://msdn2.microsoft.com/en-us/library/aa395199.aspx]
Microsoft’s CardSpace: Part 1 – Getting started
Microsoft’s CardSpace: Part 3 – Using a Card
Tomas McGuinness is currently working as an application developer for Resilient Networks in London and does part-time freelance work on small projects. He has worked primarily in web application development for a variety of companies.
This author has published 4 articles on DotNetSlackers.