IPassportCrypt Interface
IPassportCrypt Interface
The IPassportCrypt interface is used to locally encrypt or decrypt information that would be stored as local cookies or sent between site pages on a query string. This enables a participating site to enforce the same security rules locally that the Microsoft .NET Passport network enforces when transmitting profile information through HTTP. In general, it is advised that any local core profile information be encrypted and decrypted if it would otherwise be visible to the user as clear text, or if .NET Passport profile information is stored in cookies other than .NET Passport cookies. The Passport Crypt object has the following capabilities:
- Encrypts data using the same participant key that is used to exchange .NET Passport information sent to the .NET Passport network.
- Decrypts data using the same key.
- Provides compression/decompression helpers that improve the storage efficiency of encrypted data.
Header Files
The .NET Passport header file, passport.h, can be found in the \include subdirectory. The .NET Passport library file, passport.lib, can be found in the \lib\x86 subdirectory.
#import Using Visual Studio
You can access the IPassportCrypt interface through the MSPPMGR.DLL, using Microsoft Visual C++ and the #import directive. There are several attributes that must be set correctly in order for the IPassportCrypt interface to be usable in a general namespace using the syntax described here. The following is the recommended attribute syntax for the #import directive:
#import "[path\]msppmgr.dll" named_guids raw_interfaces_only no_namespace
- named_guids allows the compiler to access the two key globally unique identifiers (GUIDs) included in the embedded .NET Passport type library: CLSID_Crypt and IID_IPassportCrypt.
- raw_interfaces_only specifies to skip writing wrapper functions for the IPassportCrypt methods and exposes the underlying methods directly. You must do this to allow HRESULTs to be returned, and to make method calls conform to the syntax given in this reference.
- no_namespace places all imported methods in the general top-level namespace for your project. This way you always have access to the IPassportCrypt methods and properties. You could otherwise specify an easy-to-remember namespace with rename_namespace (for example, rename to "Passport") in order to keep IPassportCrypt implementation distinct in your code.
For a full code sample of instantiating the Passport Crypt object through the Component Object Model (COM), see Passport Crypt Object.
IPassportCrypt Interface Methods
IPassportCrypt::Compress Given a BSTR string, compresses the string into a multi-byte representation of the same string. IPassportCrypt::Decompress Decompresses data that has been compressed by the Compress method. Given a string, decompresses the string from a double-byte representation of the same string. IPassportCrypt::Decrypt Decrypts data encrypted with IPassportCrypt::Encrypt, using the same key. IPassportCrypt::Encrypt Encrypts data using the same participant key that is used to exchange .NET Passport information sent to the .NET Passport network. IPassportCrypt::get_IsValid Determines whether the key used for encryption and decryption is valid and whether the Passport Crypt object is created correctly. IPassportCrypt::put_Host Sets the key being used by the current Passport Crypt object by referring to the host name or IP number being used by the desired installation. This property should be used only if the Passport Manager in your installation is expected to handle requests from multiple sites in multiple keys. IPassportCrypt::put_Site Sets the key being used by the current Passport Crypt object by referring to the site name label assigned to that key when the key was first installed. This site name should match the site name used for configuration settings in the Passport Manager Administration utility. This property should be used only if the Passport Manager in your installation is expected to handle requests from multiple sites in multiple keys.
Information
Implementation Passport Crypt object Inherits from IDispatch Header and IDL files passport.h, passport.idl Minimum operating systems Windows NT4 SP4 Server, Windows 2000 Server
Configuring Multiple Sites
If your site shares a common Site ID and encryption key, and if no servers in your installation serve Passport Manager for multiple sites on one physical box, the Passport Crypt object can be instantiated either in page or session/application scope. However, if you have servers configured to handle multiple sites, and each site uses a different encryption key, then Passport Crypt must be able to switch keys. In Active Server Pages (ASP), this issue is taken care of by handling the built-in OnStartPage method to set the keys. If OnStartPage is not being called, then the correct key should be set by using the IPassportCrypt::put_Host or IPassportCrypt::put_Site methods. For more information about establishing multiple sites on a single server box, see Configuring Multiple Sites.
See Also
Passport Manager Administration Utility | IPassportCrypt::put_Host | IPassportCrypt::put_Site