Account Removal Page

One of the stipulations of some children's privacy laws, such as the Children's Online Privacy Protection Act (COPPA), is that parents must be able to access and remove all of the personal information that a site stores about their child. The Account Removal page exists specifically to meet the second part of this requirement. You provide a URL to this page when you register your site.

Before your Account Removal page deletes a child's data, use the kppvc parameter to do the following:

  • Be sure that the user is authenticated.
  • Determine which child's personal information record is to be deleted.
  • Verify that the user is actually the parent of the child whose personal information record is to be deleted.

For information about the kppvc parameter, see Verifying the Parent-Child Relationship.

After these checks have been made, your Account Removal page must delete the child's personal information record from your database. If the deletion request was successful, your site should display the same check-mark image that is displayed by the cookie-deleting page. For more information, see Implementing Sign-Out and Deleting Cookies.

If your Account Removal page resolves to anything other than an image file, the Microsoft® Kids Passport site displays an image indicating failure. This can be either a default failure image or one of your own design.

Your Account Removal page code should set the MIME type to be a valid image type, such as "IMAGE/GIF". If you do not explicitly set the MIME type to a valid image type, some browsers, including Microsoft® Internet Explorer 5.01 or later, will report a security violation and will not load the image.

The following code sample shows how to perform the checks described earlier and resolve to an image file. It also sets the MIME type to a valid image type.

<%
Response.ContentType = "IMAGE/GIF"

' Global variables to store the values in kppvc.
dim cmidh, cmidl, pmidh, pmidl, cas

Set oMgr = Server.CreateObject("Passport.Manager")

Sub Validate_Parent_Account_Removal

    ' Verify that the user is authenticated and kppvc is present
    If Request("kppvc") <> "" And oMgr.IsAuthenticated(600) Then

        ' For the implementation of this subroutine, see Verifying the Parent-Child Relationship.
        Call Get_kppvc_Values
 
        ' Compare the current user's PUID to the parent's PUID from kppvc.
        ' Remember that the PUID from kppvc is in hexadecimal format.
        If (Hex(oMgr("MemberIDHigh")) = pmidh) And (Hex(oMgr("MemberIDLow")) = pmidl) Then
            ' We've now verified that the user is signed in with a fresh ticket, and that
            ' the user matches the parent that is linked with the child.
            If Delete_Child_Data() Then
                %>
                <!--#include file="success_check_mark.gif"-->
                <%
            End If
        End If
    End If

    ' The default action if there is a problem is to do nothing and not return an image.
    ' If no image is returned, the Kids Passport site will display
    ' a default image that indicates failure.

End Sub

Function Delete_Child_Data

    ' The child's PUID is specified in the cmidh and cmidl variables.
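    ' Insert code here that deletes the child's personal information record from
    ' your database.

    ' If the deletion is successful, return true. Otherwise, return false.
    ' VBScript returns a value by assigning it to the function name.
    Delete_Child_Data = True

End Function

' Run the checks when the page is requested.
Call Validate_Parent_Account_Removal
%>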
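
One way to fill in the Delete_Child_Data placeholder from the sample above, shown as an added example that is not part of the original documentation. It assumes a hypothetical ChildProfile table keyed by PuidHigh and PuidLow hexadecimal strings (one row per child, stored in uppercase) and a hypothetical connection string in Application("ProfileDb"); the ADO constants are defined inline.

```vbscript
<%
' Added example: a possible Delete_Child_Data. The table name, column names and
' Application("ProfileDb") are hypothetical and must be adapted to your site.
Const adCmdText = 1, adParamInput = 1, adVarChar = 200, adExecuteNoRecords = 128

Function IsHex32(s)
    ' Each half of a PUID is a 32-bit value, so at most 8 hexadecimal digits.
    Dim re
    Set re = New RegExp
    re.Pattern = "^[0-9A-Fa-f]{1,8}$"
    IsHex32 = re.Test("" & s)
End Function

Function Delete_Child_Data
    Dim conn, cmd, rows, ok
    Delete_Child_Data = False

    ' cmidh and cmidl originate from a request parameter: reject anything
    ' that is not plain hexadecimal before it gets near the database.
    If Not (IsHex32(cmidh) And IsHex32(cmidl)) Then Exit Function

    On Error Resume Next
    Set conn = Server.CreateObject("ADODB.Connection")
    conn.Open Application("ProfileDb")

    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    ' Placeholders keep the PUID values out of the SQL text.
    cmd.CommandText = "DELETE FROM ChildProfile WHERE PuidHigh = ? AND PuidLow = ?"
    cmd.Parameters.Append cmd.CreateParameter("h", adVarChar, adParamInput, 8, UCase(cmidh))
    cmd.Parameters.Append cmd.CreateParameter("l", adVarChar, adParamInput, 8, UCase(cmidl))
    cmd.Execute rows, , adCmdText + adExecuteNoRecords

    ' Success only if nothing failed and a record was actually deleted.
    ok = (Err.Number = 0 And rows > 0)
    conn.Close          ' Errors here are ignored under Resume Next.
    On Error GoTo 0

    Delete_Child_Data = ok
End Function
%>
```

Because the function returns False on any database error or when no row matches, the page returns no image in those cases and the Kids Passport site shows its failure image.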

Remarks

Your Account Removal page should be served through HTTPS. Because the Kids Passport site serves its pages through HTTPS, if any part of your Account Removal page (including cobranding material) is not served through HTTPS, the user's browser will display mixed-security content warnings, which will result in a poor user experience.

See Also

Registering Your .NET Passport Site