Click here to download the sample code

Ever wondered if there was a programmatic way to connect your web site with Live Mesh and other Live Services? Your Web site can request permission from your users to access their Live Mesh data such as photos, video files or application data, or Windows Live data such as Contacts and Profile information. Live ID Delegated Authentication serves to enable a Web site to connect to the Live Framework and provide access to a user’s data. The sample code featured in this posting uses a simple ASP.NET Web application to demonstrate the basic tasks involved with using delegated authentication in conjunction with the Live Framework. This posting contains instructions for deploying and running the sample.

Before You Start

  • You need an account provisioned to the Live Framework Developer CTP to run this sample. Visit https://lx.azure.microsoft.com to sign in using your token. If you don't have a token, please register your interest here: http://www.microsoft.com/azure/register.mspx. The rest of this document assumes you are already provisioned to the Live Framework CTP.
  • Download and install the Live Framework SDK here: http://dev.live.com/liveframework/sdk/.
  • Visit your Live Desktop and create some content for this application to access. A couple of Live Mesh folders is a good start.

To Create a new Web site using the Developer Portal

Before you add Delegated Authentication to your Live Framework-enabled Web site you first need to visit the Azure Services Developer Portal (https://lx.azure.microsoft.com/Cloud/Provisioning/Default.aspx) to register the Website. Take the following steps to register:

  1. Go to the Azure Services Developer Portal.
  2. Click New Project.
  3. Under Azure Services Platform, click Live Services: Live Framework Community Technology Preview.
  4. Enter a label and optional description for your project, then click Next.
  5. Select the Create a Live Framework-enabled Website option, and click Create.
  6. Click the Summary tab to view a summary for the newly created project.
  7. Click Edit next to Delegated Authentication to add your domain and return URL to the configuration settings. For example:
    MyDomain.com
    http://www.MyDomain.com/MyWebsite/delauth-handler.aspx
    If you are testing your Website locally, you need to locate your hosts file (for example C:\WINDOWS\system32\drivers\etc\hosts), and add an entry to redirect the domain to localhost, as shown here: 
    127.0.0.1    MyDomain.com
    This does not have to be an actual domain, but it does have to be unique for the Website you're registering. The hosts entry causes your local web server to redirect the response from the authentication server to localhost. If you are behind a proxy server, you will need to add the domain you chose to the exclusion list.
  8. Copy the following items from the summary page, and paste them into a text file for later use, along with the domain name and return URL you specified.
    • Application Self Link
    • Application ID
    • Secret Key
    • Domain name
    • Return URL
  9. Click Update to add the configuration settings.

To Add the Live Framework References

Prior to running the sample, you will need to open the project in Visual Studio and add the appropriate references for the Live Framework assemblies. Here's how to do it:

  1. Open the project in Visual Studio.
  2. Right-click the project name and select Add Reference.
  3. Click the Browse tab and navigate to the installed location for the Live Framework .NET assemblies (for example C:\Program Files\Microsoft SDKs\Live Framework SDK\v0.9\Libraries\.Net Library).
  4. Select the following files:
    • Microsoft.LiveFX.Client.dll
    • Microsoft.LiveFX.ResourceModel.dll
    • Microsoft.Web.dll
  5. Click OK to add the references to the project.

To Run the Sample

There are two options here: you can either deploy the sample site on a live Web server, or test it on your local computer. If you plan to deploy the site on a live Web server, you should do so before proceeding any further. Deploy the sample to your web server as you would any ASP.NET Website.

If you want to run it locally, create a folder at C:\InetPub\wwwroot\LiveFX_DelAuth, and unzip the contents of the archive to that folder. The next section contains instructions for setting up your domain and return URL so that it will work in a testing environment. This example assumes that you are using Internet Information Server.

Deploy and Register the Sample Site

Update the web.config File

The WindowsLiveLogin class requires configuration settings in the project's web.config file. Add the appSettings tag, and add the following key-value pairs:

  • wll_appid: The application ID provided by Azure Services.
  • wll_secret: The secret key provided by Azure Services.
  • wll_securityalgorithm: The security algorithm should be set to "wsignin1.0".
  • wll_returnurl: The full return URL for the authentication handler page. In this sample, the name of the page is "delauth-handler.aspx".
  • wll_consenturl: The URL for the consent page. In this sample, "developer.mesh-ctp.com/web/apps/appconsent.aspx" is used.
  • wll_policyurl: The URL for the Website's privacy policy page. In this example the page can be a blank placeholder, but in a live deployment this page must contain an actual privacy statement.
  • wll_appurl: This is the relative self-link that is used by Live Framework to reference your application. This value is provided for you by the Azure Services Developer Portal when you register your Mesh Application. If you are not using a Mesh Application, this key is not required. This value should be a relative URL, starting with Mesh/Applications. If the Azure Services Developer Portal lists a longer URL, then remove the beginning portion. In this example, it is "/Mesh/Applications/[value for ID]".

For example:

<appSettings>
   <add key="wll_appid" value="000000004863583G"/>
   <add key="wll_secret" value="KfMbFMkVx95G4prAxF64gW78A3bK65HT"/>
   <add key="wll_securityalgorithm" value="wsignin1.0"/>
   <add key="wll_returnurl" value="http://MyDomain.com/MyWebsite/delauth-handler.aspx"/>
   <add key="wll_policyurl" value="http://MyDomain.com/MyWebsite/Policy.aspx"/>
   <add key="wll_consenturl" value="developer.mesh-ctp.com/web/apps/appconsent.aspx"/>
   <add key="wll_appurl" value="/Mesh/Applications/FAQ1234B47ZENA5P2GWFSJRLUV"/>
</appSettings>
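
A pre-deployment check for these settings, added here as an example (it is not part of the sample download or the SDK): it applies the rules from the list above to a web.config string and also confirms that the return URL host sits inside the domain registered in the Developer Portal. The function names, the placeholder ID and secret, and the https warning are assumptions of this example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

REQUIRED = ("wll_appid", "wll_secret", "wll_securityalgorithm",
            "wll_returnurl", "wll_consenturl", "wll_policyurl")

# Constructed sample; the ID and secret are placeholders, not real credentials.
SAMPLE_CONFIG = """<configuration><appSettings>
  <add key="wll_appid" value="PLACEHOLDER_APP_ID"/>
  <add key="wll_secret" value="PLACEHOLDER_SECRET"/>
  <add key="wll_securityalgorithm" value="wsignin1.0"/>
  <add key="wll_returnurl" value="http://www.MyDomain.com/MyWebsite/delauth-handler.aspx"/>
  <add key="wll_policyurl" value="http://MyDomain.com/MyWebsite/Policy.aspx"/>
  <add key="wll_consenturl" value="developer.mesh-ctp.com/web/apps/appconsent.aspx"/>
  <add key="wll_appurl" value="/Mesh/Applications/PLACEHOLDER_ID"/>
</appSettings></configuration>"""

def relative_app_link(self_link):
    """Trim a longer portal self-link to the relative /Mesh/Applications/... form."""
    idx = self_link.find("Mesh/Applications/")
    if idx < 0:
        raise ValueError("self-link does not contain Mesh/Applications/")
    return "/" + self_link[idx:]

def check_app_settings(config_xml, registered_domain):
    """Return (errors, warnings) for the wll_* keys in a web.config string."""
    settings = {a.get("key"): (a.get("value") or "").strip()
                for a in ET.fromstring(config_xml).iter("add")}
    errors, warnings = [], []
    errors += ["missing " + k for k in REQUIRED if not settings.get(k)]
    if settings.get("wll_securityalgorithm") not in (None, "", "wsignin1.0"):
        errors.append("wll_securityalgorithm must be wsignin1.0")
    ret = urlparse(settings.get("wll_returnurl", ""))
    host, dom = (ret.hostname or "").lower(), registered_domain.lower()
    if settings.get("wll_returnurl") and not host:
        errors.append("wll_returnurl must be a full URL")
    elif host and host != dom and not host.endswith("." + dom):
        # Compare on a label boundary so a look-alike such as notMyDomain.com fails.
        errors.append("wll_returnurl host is outside the registered domain")
    if host and ret.scheme != "https":
        warnings.append("wll_returnurl is not https: consent response travels without TLS")
    appurl = settings.get("wll_appurl")  # optional unless this is a Mesh Application
    if appurl and not appurl.startswith("/Mesh/Applications/"):
        errors.append("wll_appurl must start with /Mesh/Applications/")
    return errors, warnings
```

Pass the domain exactly as entered under Delegated Authentication in the portal; `relative_app_link` converts a longer Application Self Link copied from the summary page into the value expected for wll_appurl.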

Summary of Sample Website Features

Default.aspx/Default.aspx.cs

This page, and its accompanying code-behind page, contain code that checks for a session cookie with a delegated authentication token. If a token is not found, a link to the consent page is provided. This sample uses session cookies for the sake of brevity; you can substitute standard site cookies instead. If a token exists (which will be the case immediately after requesting consent), the token itself is displayed on the page, and a link is displayed to connect to the Live Operating Environment.

delauth-handler.aspx.cs

This is the page that handles the return request from the server. If the request is of type "delauth" it calls WindowsLiveLogin.ProcessConsent, passes the results of the form, and returns a consent token. The delegation token is then extracted from the consent token and added to the Session cookie.

WindowsLiveLogin.cs

This class is taken directly from the Windows Live ID Delegated Authentication SDK, and added to the App_Code folder for this sample. It provides the basic functionality for managing authentication data.

Running the app

  1. Click the link to request consent. Enter your Windows Live credentials if prompted.
  2. In the Access Permission section, scroll down to where it says Read access to the following MeshObject, click Change, and select the Mesh objects of your choice.
  3. Click OK, then click Allow Access.
  4. You will be returned to your Web site. The page now displays the delegated authentication token and a link.
  5. Click the link to connect to the Live Operating Environment. This initiates a request to display the names of your Mesh objects.

For More Information, see:

Accessing Existing Resources by Using Delegated Authentication (http://msdn.microsoft.com/en-us/library/dd217567.aspx)

Windows Live ID Delegated Authentication SDK for Application Providers (http://msdn.microsoft.com/en-us/library/cc287637.aspx)