Stand-Alone Mode
Passport Manager stand-alone mode was created for use in the event of a long-term outage of Microsoft® .NET Passport network servers due to extraordinary circumstances. In such circumstances, participating sites may need to disconnect temporarily from the .NET Passport network. The Passport Manager allows operators to shift into stand-alone mode. This mode can be set by an operator using the Passport Manager Administration utility.
What changes when Passport Manager is run in stand-alone mode?
When a .NET Passport-enabled site is shifted to stand-alone mode, the behavior of the Passport Manager and its application programming interface (API) is slightly altered. The differences are as follows:
- All existing Tickets are treated as if they never expire. Any use of the IsAuthenticated property always assumes that a valid Ticket is present locally.
- Any users without Tickets (for example, new users or users who need to sign in) are redirected back to the participating site instead of attempting to connect to the Login server. In other words, the AuthURL2 method returns the DisasterURL instead of the actual location of the Login server. DisasterURL can be specified using the Passport Manager Administration utility, and should point to a page on your site that explains that the .NET Passport network is temporarily down. A page referenced by DisasterURL could also be used to offer different pathways into your site that do not rely on .NET Passport single sign-in (SSI) authentication.
- The LogoTag2 method is rendered inoperable and always displays sign-in, which again links to the DisasterURL page served by your site.
- The LoginUser method is rendered inoperable and redirects to the DisasterURL page.
What happens if .NET Passport network servers are down but my site is not in stand-alone mode?
The following behavior will be observed if your site is not in stand-alone mode during .NET Passport network downtime:
- Any user who clicks a sign-in link may not be able to reach the Login server URL. As a result, the user cannot refresh the Ticket or Profile.
- If your site's SSI authentication code requires a recent Ticket, users would be "locked out" of your site until the Login server is able to issue Tickets again.
- If your site's SSI authentication code will accept any Ticket, no matter what its timestamp, this issue may not affect you as long as the user has a previous Ticket issued by your site. But if that user has not yet been authenticated on your site and has signed out of .NET Passport at any time, a round-trip to the Login server is needed in order to write the initial Ticket to your site's domain, even if your site accepts any timestamp value.
As soon as the .NET Passport network servers are back up and running again, Microsoft .NET Passport will send out an Internet Broadcast to all participating sites notifying them of the recovery. Participating sites can then shift back into the network mode by unchecking the stand-alone mode setting in the Passport Manager Administration utility.
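The two outage scenarios above can be compared side by side with a small model. This is an added example, not Passport Manager code: the `Site` class, the function names, the URLs and the Ticket ages are all hypothetical, and it assumes a user with no local Ticket is never treated as authenticated.

```python
# Added illustration: a model of the behaviour described above, NOT Passport Manager code.
from dataclasses import dataclass
from typing import Optional

DISASTER_URL = "https://site.example/standalonemode.asp"  # constructed placeholder
LOGIN_SERVER = "https://login.example/"                   # constructed placeholder

@dataclass(frozen=True)
class Site:                      # hypothetical model of one participating site
    stand_alone: bool            # stand-alone mode setting
    time_window: Optional[int]   # oldest Ticket accepted, in seconds; None = any timestamp
    login_server_up: bool = False

def is_authenticated(site: Site, ticket_age: Optional[int]) -> bool:
    """ticket_age is seconds since the Ticket was issued, or None if the user has none."""
    if ticket_age is None:
        return False             # assumption: no local Ticket means not authenticated
    if site.stand_alone:
        return True              # existing Tickets are treated as never expiring
    return site.time_window is None or ticket_age <= site.time_window

def sign_in_target(site: Site) -> str:
    """Where the sign-in link points (the AuthURL2 behaviour described above)."""
    return DISASTER_URL if site.stand_alone else LOGIN_SERVER

def outcome(site: Site, ticket_age: Optional[int]) -> str:
    if is_authenticated(site, ticket_age):
        return "access"
    if site.stand_alone:
        return "disaster_page"   # user lands on the site's own DisasterURL page
    return "login_redirect" if site.login_server_up else "locked_out"

def outage_matrix() -> dict:
    """Outcome per (mode, user) during an outage; Ticket ages are constructed samples."""
    week, hour = 7 * 24 * 3600, 3600
    sites = {
        "stand-alone": Site(True, hour),
        "network, recent Ticket required": Site(False, hour),
        "network, any Ticket accepted": Site(False, None),
    }
    users = {"week-old Ticket": week, "no Ticket": None}
    return {(s, u): outcome(site, age)
            for s, site in sites.items() for u, age in users.items()}

if __name__ == "__main__":
    for key, result in outage_matrix().items():
        print(key, "->", result)
```

In the stand-alone row, a week-old Ticket passes a check that would otherwise require one issued within the hour, so any page that relies on a recent Ticket needs its own gate while the mode is set.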
Notes
- If the .NET Passport network servers are down and your site is in stand-alone mode, the HTML segment produced by the LogoTag2 method might also point to an image file that cannot be accessed while the .NET Passport network is down. However, the .NET Passport images are served from a separate domain, so it is possible that the image can be accessed even though the Login server itself cannot be accessed. Even if the image is missing, LogoTag2 alt text will continue to appear, stating, "Click here to sign in to .NET Passport."
- The DisasterURL provided must be a complete URL entry including a specific file (for example, https://[yoursiteServer]/standalonemode.asp).
- If a participating site is converted to stand-alone mode, the site essentially stops sending requests to the .NET Passport network servers. Performance counters continue to work, but they reflect all sign-in attempts as successful.
See Also
Passport Manager Administration Utility | Performance Counters | Manager.IsAuthenticated | Manager.AuthURL2 | Manager.LogoTag2 | Manager.LoginUser