Collecting User Data Example
.jpg)
Collecting User Data Example
The following are the basic coding steps used to access user data from the Profile property of the Passport Manager object:
Prevent caching.
Microsoft® .NET Passport participating sites should construct their code so that HTTP proxies for a user will not cache the user's personal data under any circumstances. Depending on implementation and configuration, certain proxies will cache requests even when they should not. Your site can prevent these problems by using one of the following strategies.
Setting Custom Headers
Set headers specifically to disable caching for HTTP 1.0 and 1.1 with a Pragma directive, Cache-control directive, and an Expires directive with a date in the past. Include the following text lines directly in custom headers on your servers:
"Pragma: no-cache\r\ncache-control: private\r\nCache-control: private\r\nExpires: Fri, 01 Jan 1999 12:00:00 GMT\r\n"
Pragma: no-cache follows HTTP 1.0 protocol, whereas the two Cache-control directives (the second to account for possible case-sensitive implementation) and the client-side Expires directive are HTTP 1.1. This should disable caching for all common proxy implementations and configurations that follow HTTP standards.
Setting Equivalent Headers Using ASP
Your site can specifically set headers for an individual page by using the following Active Server Pages (ASP) code, instead of manipulating the HTTP response directly.
<% Response.Cachecontrol="private" Response.Expires=0 Response.AddHeader "pragma", "no-cache" %>
If you use ASP to set headers, make sure to do so before any HTML is sent, or use buffering to ensure that no HTML is sent before the header is formed. Buffering will be on by default in Microsoft® Internet Information Services (IIS) 5.0. Be aware that using ASP methods to set headers may duplicate any existing IIS custom header properties of sites or pages, effectively causing the header directives to be written twice.
Make sure the user is signed in.
Use the HasTicket property of the Passport Manager object to check this. For information about establishing whether a user is signed in, and redirecting to the .NET Passport Login server, see Single Sign-In Overview.
Get the user's .NET Passport Unique ID (PUID).
The PUID is obtained by calling the HexPUID method.
Alternatively, the PUID can be obtained by calling the Profile (Read) property for the attributes MemberIDHigh and MemberIDLow. The values returned are decimal and should be converted to hexadecimal before combining them to form a single identity.
Get any other attributes that the site requires.
Other attributes are also retrieved using the Profile property. For a list of the .NET Passport profile attributes, see Core Profile Table. Remember that, except for MemberIDHigh, MemberIDLow, and BDay_Precision (for Microsoft® Kids Passport), any one of a user's attributes could potentially be null or an empty string.
Example Code for User Data Access
The following shows the outline of ASP code that illustrates these steps.
<%
' prevent page from being cached.
because you are displaying user data
Response.Cachecontrol="private"
Response.Expires=0
Response.AddHeader "pragma", "no-cache"
' this code assumes other code that signs user in,
' but calling HasTicket as a failsafe
' assumes oMgr (PassportManager object) already created
If oMgr.HasTicket Then
Dim nickname, memberidhigh, memberidlow
memberidhigh = oMgr.Profile("MemberIDHigh")
memberidlow = oMgr.Profile("MemberIDLow")
' now do something with these two values as a combined PUID
' to uniquely identify this user in your system
nickname = oMgr.Profile("Nickname")
If nickname <> "" Then
Response.Write "Hello, " & nickname & ".<P>"
Else
Response.Write "Hello, Passport user.<P>"
End If
End If
%>
See Also