Domains and Consent
Microsoft® Kids Passport uses a Consent cookie, "MSPConsent", to provide information about consent status. Consent cookies can be written to a domain and path different from that which is used for Profile and Ticket cookies. This feature is useful if you host multiple sites that share a common secondary domain name and you use Microsoft® .NET Passport as the common authentication mechanism across these sites. Each site might provide content for different audiences, and may potentially need to handle consent in different ways. In such a case, it is useful to have the ability to write the Profile and Ticket cookies to the secondary domain name, but write the Consent cookie to a tertiary or deeper domain name.
For example, MSN® hosts several different sites on the secondary domain, .msn.com. Each of these sites has its own tertiary domain name, such as encarta.msn.com and zone.msn.com. When users sign in, Profile and Ticket cookies are written to the .msn.com domain, but Consent cookies are written to a specific site, such as encarta.msn.com. A parent might grant consent to encarta.msn.com, but not to zone.msn.com. In this case, even though the child might be authenticated on the .msn.com domain, zone.msn.com would not have access to the child's profile that is shared through cookies written to the .msn.com domain.
Important: To support Consent cookies, a flag must be set in the registration profile that the .NET Passport service maintains for your site. If you plan to use Consent cookies, you must notify your .NET Passport representative.
To enable Consent cookies
Use the Passport Manager Administration utility to establish cookie domains and paths for each of your sites.
For each Web site, set the Cookie Domain and Cookie Path to the common path and secondary domain. Set the Consent Cookie Domain and Consent Cookie Path to be specific to each site. The value for Consent Cookie Domain should be unique for each site.
Note: All cookie domains that you specify must fall within the domain that you specified when you registered your site for .NET Passport single sign-in (SSI).
After you have specified the cookie settings for each site, ensure that your sign-out code correctly deletes cookies, including "MSPConsent", when a user signs out of .NET Passport.
If you do not host multiple sites and do not need a separate cookie to be written for consent, use the Passport Manager Administration utility to specify that cookies should be written to your domain, but do not specify a domain or path for Consent cookies. In this case, consent is global across your site, and the Passport Manager obtains consent status from the user's profile. The Consent cookie is not needed, and therefore is never written.
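The multi-site setup above can be checked before deployment with a short script. The following is an added example, not code from the .NET Passport SDK: it models standard browser cookie-domain matching, validates the rules stated in the procedure, and builds the expiring headers that sign-out code must send. The site table, paths, and function names are constructed for illustration, and the Ticket and Profile cookie names MSPAuth and MSPProf are assumptions that do not appear on this page.

```python
# Added example: models the cookie scoping described on this page (not SDK code).
REGISTERED_DOMAIN = ".msn.com"  # domain registered for .NET Passport SSI
SITES = {  # constructed sample configuration, one entry per site
    "encarta.msn.com": {"cookie_domain": ".msn.com", "cookie_path": "/",
                        "consent_domain": "encarta.msn.com", "consent_path": "/"},
    "zone.msn.com": {"cookie_domain": ".msn.com", "cookie_path": "/",
                     "consent_domain": "zone.msn.com", "consent_path": "/"},
}


def domain_match(host, cookie_domain):
    """True if host equals cookie_domain or is a subdomain of it."""
    host, dom = host.lower().lstrip("."), cookie_domain.lower().lstrip(".")
    return host == dom or host.endswith("." + dom)


def check_config(registered, sites):
    """Return a list of problems with the per-site cookie settings."""
    problems, seen = [], {}
    for host, cfg in sites.items():
        for key in ("cookie_domain", "consent_domain"):
            if not domain_match(cfg[key], registered):
                problems.append(f"{host}: {key} {cfg[key]} is outside {registered}")
        if not domain_match(host, cfg["consent_domain"]):
            problems.append(f"{host}: consent cookie would never be sent to this host")
        other = seen.setdefault(cfg["consent_domain"].lower().lstrip("."), host)
        if other != host:
            problems.append(f"{host}: consent domain shared with {other}")
    return problems


def consent_visible(host, consent_site, sites):
    """Would the MSPConsent cookie written for consent_site reach host?"""
    return domain_match(host, sites[consent_site]["consent_domain"])


def signout_headers(host, sites, names=("MSPAuth", "MSPProf")):
    """Expiring headers; Domain and Path must equal those used when written."""
    cfg, past = sites[host], "Thu, 01 Jan 1970 00:00:00 GMT"
    scoped = [(n, cfg["cookie_domain"], cfg["cookie_path"]) for n in names]
    scoped.append(("MSPConsent", cfg["consent_domain"], cfg["consent_path"]))
    return [f"Set-Cookie: {n}=; Domain={d}; Path={p}; Expires={past}"
            for n, d, p in scoped]
```

A browser only removes a cookie when the expiring header carries the same Domain and Path it was written with, which is why the MSPConsent header uses the site-specific consent settings rather than the shared secondary domain.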
See Also
.NET Passport Cookies | Passport Manager Administration Utility | Implementing Sign-Out and Deleting Cookies