Windows Live ID Web Authentication

By now, I hope you've heard about the recent release of Windows Live ID Web Authentication.

If you haven't, here are some links you should check out:

• dev.live.com, the place for all things developer-related to Windows Live :-)  (click on Authentication in the list on the left)
• Angus Logan's post: SERVICE RELEASE ANNOUNCEMENT: Windows Live ID Web Authentication Released!
• Windows Live ID blog post: Windows Live ID Web Authentication SDK for Developers Is Released
• Channel9 interview: Lynn Ayres - What is Live ID?
• To see Windows Live ID Web Authentication in action, check out LiveSide - they've added it to their site

Test driving the ASP.NET sample

I finally got around to giving it a test drive myself, using the ASP.NET sample included in the Windows Live ID Web Authentication SDK, and wanted to share my experience with you.

Let me first share with you one of my pet peeves regarding web development: I DO NOT want to install a web server on my client machine. I don't have anything against web servers, it's just that I don't want the hassle of installing, running and managing a web server on my laptop when all I want to do is some straight-forward web app development. That's why I love the built-in ASP.NET Development Server that was introduced in VS 2005, and I actively advocate the need for our development scenarios to work in this environment.

The ASP.NET sample assumes you have IIS installed, so there were a couple of things I needed to do before I could run it from the ASP.NET Development Server.

Some background on Windows Live ID Web Authentication that is relevant to the steps I'll outline below:

• Users will sign in/out of Windows Live ID on your site via a link you provide to the Windows Live ID Authentication service; you need to provide an AppID in the query string (see Displaying the Sign-In Link for details)
• An AppID is obtained by registering your application and providing (among other things) a "Return URL" to which the service redirects users after they have successfully signed in/out (see Getting Your Application ID for Web Authentication). 
• The Return URL points to a page on your web site that handles login/logout actions (see Handling the Response from the Service). I'll refer to this page as the "web-auth handler".
• To change the URL of your web-auth handler, you need to update the registration values associated with the AppID (or create a new AppID, if you don't own the existing AppID - as is the case with the sample)

Creating a file system-based Web Site for the ASP.NET sample

Since I don't have IIS installed, the steps for setting up the sample differ than the ones described in the SDK docs.

Here's what I did to set up a file system-based web site for the sample:

1. Ran the ASP.NET sample installation file (webauth.msi), which you'll find here. 
2. Using Visual Studio, I created an Empty Web Site and named it WebAuth.
3. Copied the contents of the C:\Program Files\Windows Live ID\WebAuth\Sample folder to the WebAuth folder created for the web site
4. Copied the C:\Program Files\Windows Live ID\WebAuth\App_Code folder to the WebAuth folder
5. Refreshed the web site project in VS (right click on the site in the Solution Explorer and select Refresh Folder)

Running the ASP.NET sample using the ASP.NET Development Server

The AppID used by the sample is configured to redirect the user to the following path: http://localhost/webauth/sample/webauth-handler.aspx. This path won't work if you're app is running under the ASP.NET Development Server, because it's not listening on port 80 - it uses a randomly selected port. So I created a new AppID and modified the sample to work with this new ID. I did this in three steps.

Step #1: Determined the port being used by the ASP.NET Development Server

I ran the web app from VS and noted the port number displayed by the ASP.NET Development Server icon in the system tray. [If you hover over the icon - the one pointed to by the arrow in the image below - you'll see the port number at the end of the description text]. 

(There's a doc that describes how to configure it to use a specific port - How to: Specify a Port for the ASP.NET Development Server - but I found that the server seems to use the same port for a given app).

Step #2: Created a new AppID

I followed the steps outlined in Getting Your Application ID for Web Authentication to create a new AppID. 

• Application Name - you can use any value here; I used WebAuthSampleApp
• Return URL - I included the port on which the ASP.NET Development Server was listening (as determined in Step #1). Since I created a file system-based Web Site called WebAuth, and the server was listening on port 61343, it looked like this: http://localhost:61343/WebAuth/webauth-handler.aspx. 
• Secret Key - to minimize changes to the sample app, I specified the value used by the sample: ApplicationKey123

Step #3: Modified Web.config

The sample is reading the AppID and Secret Key values from the web.config file. I found the following line, and replaced the wll_appid key's value with my newly created AppID.

<add key="wll_appid" value="0016BFFD80002719"/>

That did it - from there, I just pressed F5 and ran the sample application under the ASP.NET Development Server.