IPassportManager Interface

The IPassportManager interface is the primary interface for the Passport Manager object. The Passport Manager object is a server-side object for Microsoft .NET Passport single sign-in (SSI), which uses cookies and query string data as intermediaries for querying a central user store.

The Passport Manager object also exposes a second-generation interface, IPassportManager2, and a third-generation interface, IPassportManager3, each of which becomes available once it is queried for. These interfaces are used to call some of the recently added client-aware authentication application programming interfaces (APIs).

The Passport Manager object has the following capabilities:

  • Provides an embedded encryption service that protects users' data without requiring additional work. The encryption/decryption logic is handled automatically as part of the Passport Manager object's built-in methods.
  • Handles all the .NET Passport cookie setting, parsing, and expiration logic so that participating sites do not need to access the .NET Passport-specific cookies using Request.Cookies or HTTP/ISAPI coding.
  • Silently contacts the network Nexus to determine the current configuration of the network, including required service URLs and the current Profile schema, and writes a local Component Configuration Document (CCD).

Accessing IPassportManager Methods from C++ Code

Header Files

The Passport header file, passport.h, can be found in the \include subdirectory. The Passport library file, passport.lib, can be found in the \lib\x86 subdirectory.

#import Using Visual Studio

You can access the IPassportManager interface through MSPPMGR.DLL, using Microsoft Visual C++ and the #import directive. Several attributes must be set correctly for the IPassportManager interface to be usable in the general namespace with the syntax described in this reference. The following is the recommended attribute syntax for the #import directive:

#import "[path\]msppmgr.dll" named_guids raw_interfaces_only no_namespace

  • named_guids allows the compiler to access the two key GUIDs included in the embedded .NET Passport type library: CLSID_Crypt and IID_IPassportCrypt.
  • raw_interfaces_only skips the generation of wrapper functions for the IPassportManager methods and exposes the underlying methods directly. You must do this to allow HRESULTs to be returned, and to make method calls conform to the syntax given in this reference.
  • no_namespace places all imported methods in the general top-level namespace for your project, so that you always have access to the IPassportManager methods and properties. Alternatively, you can specify an easy-to-remember namespace with rename_namespace to keep the IPassportManager implementation distinct in your code.

You must have the MSPPMGR.DLL available on the development computer to #import it. For a full code sample of instantiating the Passport Manager object through the Component Object Model (COM), see Passport Manager Object.

IPassportManager Interface Methods

IPassportManager::AuthURL

Returns a string containing the Login server URL for a user's domain, as well as optional information sent to the Login server in the query string.

IPassportManager::Commit

Deprecated in version 2.0. Do not use.

IPassportManager::DomainFromMemberName

Returns a user's domain authority name as a string.

IPassportManager::GetDomainAttribute

Provides information for a particular .NET Passport domain by querying the Passport Manager for the requested domain attribute.

IPassportManager::get_Error

Returns any error code in the Ticket cookie or in Ticket information on the query string.

IPassportManager::get_FromNetworkServer

Determines whether the containing page has valid Ticket information on the query string.

IPassportManager::get_HasSavedPassword

Determines whether a user is saving his or her password on the .NET Passport Sign-in page.

IPassportManager::get_HasTicket

Returns whether a user has a .NET Passport Ticket (but does not check the Ticket's timestamps).

IPassportManager::get_Profile

Retrieves the value of a named attribute from a user's core profile.

IPassportManager::get_TicketAge

Retrieves the amount of time, in seconds, that has passed since a user's Ticket was issued or refreshed.

IPassportManager::get_TimeSinceSignIn

Retrieves the amount of time, in seconds, that has passed since a user's manual sign-in to a .NET Passport Login server. This checks the sign-in timestamp provided in the .NET Passport Ticket cookie.

IPassportManager::HasFlag

Not implemented. Use IPassportManager::get_Error instead.

IPassportManager::HasProfile

Determines whether a user has profile data already available in the query string or a cookie.

IPassportManager::HaveConsent

Returns whether a user has consent for purposes of Microsoft® Kids Passport authentication.

IPassportManager::IsAuthenticated

Determines whether a user has a valid, unexpired .NET Passport Ticket cookie in the caller's domain.

IPassportManager::LogoTag

Returns an HTML snippet that includes an IMG source string for a .NET Passport link. The link image displays either Sign In if no valid Ticket cookie is detected or Sign Out if a valid Ticket cookie is detected.

IPassportManager::OnStartPageASP

Instantiates Passport Manager objects created by Passport Factory.

IPassportManager::OnStartPageECB

Entry function for Passport Manager object when interacting with an ISAPI extension. Declares a buffer used to read or write the cookie input and output of the Passport Manager object.

IPassportManager::OnStartPageFilter

Enables creating an ISAPI filter that interacts with Passport Manager. Requires a pointer to the HTTP_FILTER_CONTEXT structure obtained through an HTTP filter's entry functions.

IPassportManager::OnStartPageManual

Deprecated in version 2.0. Do not use.

IPassportManager::put_Profile

Deprecated in version 2.0. Do not use.

Information

Implementation: Passport Manager object
Inherits from: IDispatch
Header and IDL files: passport.h, passport.idl
Minimum operating systems: Windows NT4 SP4 Server, Windows 2000 Server

Configuring Multiple Sites

If your site shares a common Site ID and encryption key, and if no servers in your installation serve Passport Manager for multiple sites on one physical box, the Crypt object can be instantiated in page, session, or application scope. However, if you have servers configured to handle multiple sites, and each site uses a different encryption key, then the Crypt object must be able to switch keys. In Active Server Pages (ASP), this is handled by the built-in OnStartPage method, which sets the keys. If OnStartPage is not being called, set the key by using the IPassportCrypt::put_Host or IPassportCrypt::put_Site method.

See Also

IPassportManager2 Interface | IPassportManager2::AuthURL2 | IPassportManager2::LogoTag2 | IPassportManager::get_Error | IPassportCrypt::put_Host | IPassportCrypt::put_Site | Configuring Multiple Sites | IPassportManager3 Interface