In a recent post, I promised to demystify Windows Live™ ID and help you understand what the options are when it comes to integrating Windows Live ID into your (new) application. I said "application" because WLID is not only something you can plug into your web application but into your Smart Client application as well. Note that even if WLID is available to Smart Clients, some Windows Live™ Services cannot be accessed from a Smart Client application and can be "touched" from a web application only - so, make sure you carefully read the Terms Of Use (TOU) for each service.

Windows Live™ ID provides you with an authentication infrastructure so you don't need to build it in-house. Let's clearly set the scene - I am talking about Authentication information and not Authorization and/or Profile information. While you will be relying on Windows Live servers for authenticating (sign in, sign out, sign up) users, all information about their profile and the rights they have within your application is fully under your control and won't be stored on Windows Live™ infrastructure. Except in some very special cases, you won't have access to WLID profile information, nor even to the WLID Identifier (let alone the WLID password) used for signing in when it comes to Web Authentication, for example. Basically, and for privacy reasons, when users use WLID to sign in to your application, you'll receive from the Live infrastructure a Private Personal Identifier (PPID) that is unique for a given WLID and a given application - this might vary depending on the option (SDK) you choose to go for.

You basically have five SDKs to help you benefit from the Windows Live™ ID infrastructure. Two SDKs essentially target Smart Client applications and three SDKs target Web Based solutions. In this part, I will concentrate on Client based authentication.

Microsoft Windows Live ID Client SDK 1.0 - This SDK is dedicated to Smart Client solutions providing WLID as an authentication mechanism. It comes with two main classes - Identity and IdentityManager. How does it work?

Basically, the developer uses the IdentityManager class to create an Identity object using the IdentityManager.CreateIdentity method. Use the Identity.Authenticate method to prompt the user to enter his WLID credentials - the form UI comes with the assembly and is completely opaque to the developer. If the user's credentials are correctly entered, Identity.Authenticate returns true and Identity.IsAuthenticated is also set to true. The process also populates two main properties: Identity.cId and Identity.UserName.
Identity.cId is the PPID for that given user for this given application and Identity.UserName is the Windows Live identifier used for signing-in.

As you can see, there is no need to create a special form, grab sensitive data from the username and password text boxes, or call any web services behind the scenes; developers only have to deal with the Identity class to retrieve the user's identity.
That is for dealing with Identity - one benefit of the Windows Live™ ID infrastructure - but as I mentioned earlier, Windows Live is not only about Identity, it is also about additional services (Photos, Contacts, Messenger, SkyDrive and so on and so forth). Developers will then use the Identity.GetTicket method to acquire the authentication ticket that will enable them to embed calls to the Windows Live™ services APIs, or open a browser to navigate Windows Live™ Services using the Identity.OpenAuthenticatedBrowser method.

RPS SOAP requests - This approach isn't for handling the authentication process to the Live infrastructure but for acquiring a Windows Live™ ID token in order to access other Live services. It is recommended to use it for Smart Clients only and for applications not written in managed code. One will have to build a SOAP request to the WS-Trust endpoint - https://dev.login.live.com/wstlogin.srf - as shown in the MSDN article http://msdn2.microsoft.com/en-us/library/bb447721.aspx, which talks about the various ways of acquiring a token in order to access Windows Live Data.

If the WLID credentials supplied are correct, the endpoint returns a SOAP response with a token in the body element <wsse:BinarySecurityToken>. This token can be used in the security header for querying Windows Live™ services like Spaces Photos or Contacts for example.
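The response handling described above can be sketched as follows. This is an added example, not code from the original post or from MSDN: it assumes only that the token sits somewhere inside the SOAP Body, and the sample responses and the `Wrapper` element are constructed for illustration. The returned token is a bearer credential, so it should never be written to logs.

```python
import xml.etree.ElementTree as ET

# Standard namespace URIs: SOAP 1.1 and 1.2 envelopes, WS-Security 1.0 secext.
SOAP_NS = ("http://schemas.xmlsoap.org/soap/envelope/",
           "http://www.w3.org/2003/05/soap-envelope")
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"

# Constructed sample responses (not captured traffic); <Wrapper> is hypothetical.
SAMPLE_OK = (
    '<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/" '
    f'xmlns:wsse="{WSSE}"><S:Body><Wrapper>'
    '<wsse:BinarySecurityToken Id="t0">t=CONSTRUCTED-SAMPLE-TOKEN'
    '</wsse:BinarySecurityToken></Wrapper></S:Body></S:Envelope>')
SAMPLE_FAULT = (
    '<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"><S:Body>'
    '<S:Fault><faultcode>S:Client</faultcode><faultstring>constructed failure'
    '</faultstring></S:Fault></S:Body></S:Envelope>')


class TokenError(Exception):
    """The response does not carry exactly one usable token."""


def extract_token(response_xml: str) -> str:
    """Return the BinarySecurityToken text, or raise TokenError."""
    # SOAP forbids DTDs; rejecting them up front also blocks entity tricks.
    if "<!DOCTYPE" in response_xml or "<!ENTITY" in response_xml:
        raise TokenError("DTD not allowed in a SOAP message")
    try:
        root = ET.fromstring(response_xml)
    except ET.ParseError as exc:
        raise TokenError("response is not well-formed XML") from exc
    for ns in SOAP_NS:
        if root.tag == f"{{{ns}}}Envelope":
            break
    else:
        raise TokenError("not a SOAP envelope")
    body = root.find(f"{{{ns}}}Body")
    if body is None:
        raise TokenError("SOAP body missing")
    if body.find(f"{{{ns}}}Fault") is not None:
        raise TokenError("endpoint returned a SOAP fault")
    # Namespace-qualified lookup: a look-alike element in another namespace is ignored.
    tokens = body.findall(f".//{{{WSSE}}}BinarySecurityToken")
    if len(tokens) != 1 or not (tokens[0].text or "").strip():
        raise TokenError("expected exactly one non-empty BinarySecurityToken")
    return tokens[0].text.strip()
```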

In the next post, I will discuss what the options are for Web authentication - you'll be discovering options not even mentioned on MSDN.
