Passport Manager Built-In Methods
.jpg)
Passport Manager Built-In Methods
The Passport Manager object has built-in capabilities that are not part of the application programming interface (API) and cannot be invoked through code. As an ISAPI programmer or Web developer, you do not need to worry about the following aspects of Microsoft® .NET Passport single sign-in (SSI) and the Passport Manager object, because they are built in to the object when used in an Active Server Pages (ASP) context:
Passport Manager Reads or Sets .NET Passport Cookies
Although several Passport Manager methods are used to read or set the Profile or Ticket cookies, you do not need to write custom code for a page that looks for these cookies in the Request.Cookies or Response.Cookies collections through ASP. You also do not need to access the HTTP buffers through custom code. The Passport Manager object detects its own cookies in the calling domain and reads and writes to them appropriately.
Consistent Sign-In UI
All code and pages used for sign-in are contained on the .NET Passport Login server. Passport Manager methods create the URLs that are used to redirect the user to the appropriate .NET Passport network server. In addition, Passport Manager methods, such as LogoTag2, always point to an appropriate URL. After performing the requested action, the Login server uses parameters of Passport Manager methods to return the user to the page where the method was first called (or another page, if desired). If sign-in UI is being handled by a .NET Passport-aware client, then Passport Manager (in conjunction with the MSPPFLTER.DLL ISAPI filter) handles the request such that the client shows the UI and does not call the network version.
Core Profile Retrieval or Query String Parsing
Profiles initially arrive on a browser through the query string returned from the network server. After Passport Manager writes the core profile as a cookie that is readable on the calling domain, core profile attributes are read by checking the Profile property of the Passport Manager object. The Profile and Ticket cookies are encrypted, so they cannot be read directly on either the server or the client.
Refreshing User Credentials
All code and pages used to actually refresh credentials and revalidate sign-in are contained on the .NET Passport Login server; as a participating site, however, you must include some simple Passport Manager methods to determine when and where in your site such validation is required. Methods such as LogoTag2 and AuthURL2 typically write out HTML snippets that generate variables for the query string sent to the Login server. The Login server is contacted only when necessary (for example, when triggered either through scripting or events on a page). Many validation tasks can be taken care of by checking the local Ticket first, and do not require a server roundtrip each time. You can control conditional specifics of validation through the Passport Manager method parameters.
Passport Manager Object Initialized on Each Page Load
The Passport Manager object includes OnStartPage and OnEndPage event methods to automatically get references to internal ASP server objects on each page load and clean up references on each unload. Objects created through Passport Factory object do not have proper context on creation, and must be initialized through calling OnStartPageASP before use.
Network CCD Updates
The Passport Manager object is capable of receiving periodic or as-needed updates to the Partner.xml Component Configuration Document (CCD) document that specify important .NET Passport configuration issues, such as service URLs and schema specifications.
Core Profile Attribute Additions
By rewriting the core schema in the CCD, the Passport Nexus can also dynamically update the attributes of the core profile across all .NET Passport-implementing sites without requiring a code patch or download. Attributes will only be added; they will never be changed or deleted so as to always maintain backward compatibility in the core profile.
See Also