Condividi tramite


Appendix I: Passport Manager Administration

Applies To: Windows Server 2003 with SP1

The following appendix provides information about:

  • The benefits and purposes of Passport Manager Administration

  • Using Passport Manager Administration in a managed environment

  • Resources for learning about Passport Manager Administration

Benefits and Purposes of Passport Manager Administration

Passport Manager Administration is a utility designed for use on Web sites on which you want to use Microsoft .NET Passport for authentication. In Microsoft Windows Server 2003 family operating systems, Passport Manager Administration provides a graphical-interface alternative to editing the registry to change Passport Manager object settings. The most common use of the Passport Manager Administration utility is to change the default object settings that Passport Manager methods use if certain optional parameters are omitted when the methods are called.

Although some parameters of Microsoft .NET Passport methods are listed as optional, these methods still generate URLs or results that reflect inherent default values when called. These default parameter values can be used to provide consistent values for your Web site, such as the required time window within which all users must be authenticated.

Primary default object settings that affect Passport Manager implementation include: Time Window, Force Login, and Language ID.

Using Passport Manager Administration in a Managed Environment

By configuring options in Passport Manager Administration to work with software on your Web site, you can control how Web browsers are authenticated to your Web site. With Passport Manager Administration, you can configure the settings for cookies, such as choosing to disable the use of cookies. You can also choose to have cookies deleted once users sign out of your Web site. (Cookies are a form of data passed both ways between Web browsers and servers. Cookies sent to a user's browser have some implications for privacy.)

To ensure that cookies are deleted when users sign out of a Web site, make sure the following conditions are met:

  • The Site ID value in Passport Manager Administration should be the value given to you when you received your Passport encryption key.

  • The path and file name of the page to which cookies are written (specified in Passport Manager Administration) should match the ExpireCookieURL provided when you registered your site. Also, if cookies are written to a page in a subdomain of your own domain, you should precede the domain path with a dot (".").

  • The path to the page where cookies are written should be the root directory of the Web site. This ensures that cookies written to all possible paths are deleted. If this is not done, not all the cookies may be deleted.

  • If your site uses multiple servers with Passport Manager installed on them, you should verify that all of the servers are writing the cookies to the same domain and path.

You can find additional information about Passport Manager Administration at these sites: