Compartir a través de

Deploying Passport Manager and Site Code

  • Artículo

Deploying Passport Manager and Site Code

Most Microsoft® .NET Passport participating sites that are initially developing code are deployed against the Preproduction (PREP) environment. This configuration was selected when the .NET Passport Software Development Kit (SDK) was first installed on your development test server. Participating sites that intend to launch a live site now have several steps to follow before the code that works against the PREP environment can be deployed on a "live" server on the participating site and be configured against the Production environment instead.

To deploy code for a .NET Passport participating Web site

  1. Complete all development and testing against the PREP environment.

    The PREP environment is provided for participating sites to work the bugs out of their .NET Passport implementation code and verify that authentication, profile retrieval, and other uses of .NET Passport services are working as expected. Perform a thorough check of your PREP site before following the remainder of these steps. As part of the approval process for obtaining a Production encryption key, Microsoft .NET Services personnel will conduct a compliance review of your site as it currently exists (deployed against the PREP environment).

  2. Using .NET Services Manager, correct URLs so that your implementation can run in the Production environment.

    You may have submitted one or more of the following URLs when you registered your site.

    • Customer Support URL
      A URL where users can get support or assistance regarding your site. This is used to provide a cross-link from .NET Passport pages, such as the Sign-in page.

    • Default Return URL
      The URL of a "home" or "default" page for your site. This is also used for cross-linking, and is used as a fallback address if your site directs the user to a .NET Passport service but fails to provide a specific URL to which the user should be returned after the service has processed the user's request.

    • Expire Cookie URL
      The specific URL of a page served from your domain and containing code that deletes a user's cookies written into your domain. Such a page is required so that after a user signs out of the .NET Passport network, that user is also signed out of all .NET Passport participating sites. The user's Profile information is not accessible through the .NET Passport cookies until that user signs in again. For more information, see Implementing Sign-Out and Deleting Cookies.

      This URL will probably be different in a "live" setting as opposed to the setting in which the code was developed and tested against the PREP environment.

    • Cobrand URL
      The URL to your site's cobranding template.

    • Cobrand Image URL
      The URL to your site's logo, which will appear in the upper-left corner of all .NET Passport pages that you can cobrand.

    • Cobrand Image2 URL
      The URL to your site's logo, which will appear at the top of the .NET Passport Credential dialog box.

    • Cobrand Image HREF
      The URL that users are directed to if they click your site's logo.

    • Cobrand CSS URL
      The URL to your site's cascading style sheet used to cobrand .NET Passport pages.

    If your site uses Microsoft® Kids Passport service, you will have provided the following URLs when you registered your site:

    • Account Data URL
      The URL to a page used to change permissions on your site. For more information, see Account Data Page.

    • Account Removal URL
      The URL to a page used to delete data about a child. For more information, see Account Removal Page.

  3. Using .NET Services Manager, download an encryption key for the Production environment.

  4. Install Passport Manager on live servers.

    Installing Passport Manager requires that the server be taken out of the active rotation. Passport Manager can be installed to multiple computers across a local area network using a common configuration. The actual setup must be run from that physical computer (or through some other access means, such as Terminal Services or a remote command line) but can access the common setup file and setup configuration through a network file share. Command-line options in the .NET Passport SDK Setup.exe program enable you to save setup options as a script; this feature supports "silent" installs and setup to Production servers that install only Passport Manager and nothing else.

    The following is a brief syntax example that shows the basics of using the command line to run a previously recorded Passport Manager setup. Such a setup must have been recorded using the /r command-line option during setup. For more information about the .NET Passport SDK Setup command line, see Deploying Passport Manager to Servers.

    setup.exe /s /f1\\sharehost\share\setup.iss

    This example runs Setup.exe from a share, sets the silent setup option using the /s switch, and specifies a playback file to read for configuration information during setup with the /f1 flag and the following file name. In this case, "\\sharehost\share\setup.iss" represents a previously recorded setup where the desired options (such as installing Passport Manager only) were specified manually in order to record a setup playback file.

  5. Install the Production encryption key.

    Run the key installation program. Follow the instructions provided on the Download Key page.

    The following steps describe how to install keys and configure settings on one or more remote computers from a common workstation. This common workstation must itself have Passport Manager installed in order to enable remote administration of Passport Manager configuration in steps 5-8. For this example, assume that the key installation program you received is named "partner1000_1.exe" and the remote computer to which keys and Site ID settings are to be applied is named \\server1 on the local network.

    1. If Microsoft® Internet Information Services (IIS) are running on the server that is being configured, stop the IIS Admin process.

    2. Open a command-line window on the computer where the key installation program is kept and change to the directory that contains it.

    3. Enter the following: partner1000_1 /addkey /m \\server1

      This records the encrypted key in the registry, with the /m flag specifying a remote computer on the local network.

    4. Enter the following: partner1000_1 /makecurrent /t 0 /m \\server1

      This enables the newly installed key immediately, with no overlap where both the previous key and the new key would be accessible for use when decrypting cookies.

    5. From the Start menu, click Programs, Microsoft Passport, Passport Manager Administration Utility.

    6. From the Computer menu of the Passport Manager Administration utility, click Select Server.

    7. In the Computer Name field of the Connect to Remote Web Server dialog box, type the name of the server where keys were just installed (in this example, "\\server1") and then click OK.

      The Passport Manager Administration utility will reset fields to represent the configurations on that remote server.

    8. Make sure the Site ID in the Site ID field is correct.

      If not, change it and then click the Commit Changes button. This is also a good opportunity to change other Passport Manager configuration settings, such as cookie paths, timewindow defaults, and so on. These settings can also be saved once and then loaded from a stored file rather than manually entered for each server configured in this way. For more information, see Passport Manager Administration Utility.

    9. Start the IIS Admin process on the server being configured.

    10. If the Cookie Domain or Cookie Path fields were modified to set cookies into a common domain that is appropriate for use against the Production environment, then the cookie-delete script used on this Passport Manager installation must also be modified so that cookies can be deleted from the same domains and paths by which they are now being set by Passport Manager. Otherwise, the cookies written to your site's domain will not be deleted from client browsers and will give both inaccurate representations of sign-in state and outdated Profiles. For more information, see Implementing Sign-Out and Deleting Cookies.

  6. Deploy your site's code and content to live servers.

    All code that was developed to use Passport Manager can now be deployed to your live servers. The Site ID number as configured in the preceding step may be useful in some of your site's code, for example, when linking to .NET Passport Member Services.

  7. Verify on live servers.

    Before placing the server into the live rotation, test the content on that server in isolation by accessing it by IP address or a private VIP. The Production setup still installs the "PassportTest" sample site virtual root, and this can be used to perform a basic "smoke test" of the installation. Load https://[server-ip]/passporttest/ into a browser. If the sign-in logo appears, sign in using a valid user name and view the resulting returned page. If the sign-in logo does not appear or if the sign-in does not return the expected profile, troubleshoot as necessary. For some specific requirements for testing against a .NET Passport server while accessing your servers by IP instead of host name, see Hosts, IP Addresses, and Testing.

    It is good practice to restart IISADMIN and initiate at least one request to a Passport Manager-enabled page for each server on a farm before putting it into service. This ensures that the server has the latest network map in its Component Configuration Document (CCD). The Partner.xml CCD as installed by Setup.exe is potentially older than the CCD describing the current network configuration. Loading the most current CCD before a page is loaded by a real user prevents a known issue in which the very first page view of a .NET Passport-enabled page on a newly installed .NET Passport server may load slowly because a current Partner.xml CCD must be downloaded from the .NET Passport network before the Passport Manager can return results. You can confirm that the latest version of the CCD has been loaded by checking the application event log for the following event:

    Event Number Event Description
    5002 CCD Doc was successfully loaded.

    This event fires each time the Partner.xml CCD is successfully loaded into memory.

Server Optimization

To improve the performance of servers running Passport Manager:

  • Set all content to expire to avoid caching old cookies or query strings. In an Active Server Pages (ASP) context, set Response.Expires = -1 at the top of pages.
  • Turn buffering on.
  • Turn sessions off.

See Also

.NET Passport Environments | Installing .NET Passport Encryption Keys