

Implementing Mobile .NET Passport


Microsoft® .NET Passport supports .NET Passport single sign-in (SSI) on many mobile devices. This allows businesses to develop content for mobile devices and use .NET Passport to authenticate users of that content. This functionality is not available in earlier versions of .NET Passport, so participating sites that want to take advantage of mobile .NET Passport must use Passport Manager version 2.1.

Note  Only .NET Passport SSI is enabled for mobile devices at this time. Microsoft® Kids Passport cannot be implemented on mobile devices.

Device and Browser Support

The following table lists the mobile devices and browsers currently supported in the .NET Passport service.

Note  Any device running a WAP browser that supports SSL might work, but only the devices and browsers in the preceding list have been tested and are officially supported. Palm and Handspring devices are not officially supported.

Mobile .NET Passport Restrictions and Limitations

The .NET Passport Member Services site works on Pocket PC, although the size of the Member Services content has not been reduced for optimal display on the Pocket PC screen. Member Services is not supported on phones.

Using .NET Passport on Mobile Devices

Using .NET Passport on a mobile device Web site is very similar to using it on a regular, PC-based Web site. Passport Manager is used to authenticate users, but some small implementation differences exist when using .NET Passport on a mobile device instead of a PC. These differences are the result of the unique characteristics and limited capabilities of mobile devices. Among the issues of greatest importance are the use of cookies and the challenge of providing functionality on devices with limited memory and small screen sizes.

Persistent Cookies

On devices that support cookies, Microsoft .NET Passport automatically makes the .NET Passport Authentication cookie persistent upon user authentication. This keeps the user signed in across browser sessions. This is somewhat different on a PC, where a user is required to "opt in" to be automatically signed in across browser sessions. During evaluation of the efficacy of this persistent sign-in, two facts emerged as most important:

  • Signing in on phones is much more difficult than on a PC with a full keyboard.
  • In most countries/regions around the world, mobile phones are rarely shared devices.

The first of these points represents a challenge that appears likely to remain unsolved in the immediate future. The second—that mobile phones are generally not shared devices—also appears to be rather static and unlikely to change soon.

Microsoft .NET Passport can still function on devices or browsers that do not support cookies at all. However, the participating site must do some extra work to keep the user signed in from one page or card to the next.

In particular, when the .NET Passport Login server returns the user to the site's return URL, the return URL must take the t parameter (the Ticket) from the query string and append it as a query string parameter of any other HREF or POST URL on the page. The Passport Manager object looks for the ticket in both the MSPauth cookie and the t query string parameter. For devices that do not support cookies, Passport Manager uses the ticket on the query string. This practice helps the user to remain signed in from page to page while navigating within the site. However, without cookies, if the user navigates away from the site or turns off the phone, he or she must sign in again upon visiting the site the next time.
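The ticket propagation described above for cookieless devices, as an added example that is not part of the original documentation. AddTicket and /inbox.asp are hypothetical names, and the sketch assumes the site writes its internal links as root-relative paths; the ticket is an authentication credential, so it is appended only to those links and never to a URL that could point at another host.

```vbscript
<%
' Added example, not from the original page. AddTicket is a hypothetical helper.
' It appends the ticket (t) only to root-relative URLs ("/page.asp"), so the
' ticket is never written into a link that leaves the site.
Function AddTicket(strUrl, strTicket)
    Dim strBase, strFragment, nHash
    AddTicket = strUrl
    If Len(strTicket) = 0 Then Exit Function

    ' Anything that is not a single-slash path is left untouched:
    ' absolute URLs, "//host" and "/\host" forms can resolve to another host.
    If Left(strUrl, 1) <> "/" Then Exit Function
    If Left(strUrl, 2) = "//" Or Left(strUrl, 2) = "/\" Then Exit Function

    ' Keep any #fragment at the very end of the URL.
    nHash = InStr(strUrl, "#")
    If nHash > 0 Then
        strBase = Left(strUrl, nHash - 1)
        strFragment = Mid(strUrl, nHash)
    Else
        strBase = strUrl
        strFragment = ""
    End If

    ' Add t as the first or as an additional query string parameter.
    If InStr(strBase, "?") > 0 Then
        strBase = strBase & "&"
    Else
        strBase = strBase & "?"
    End If
    AddTicket = strBase & "t=" & Server.URLEncode(strTicket) & strFragment
End Function

Dim strT
strT = Request.QueryString("t")   ' ticket returned by the Login server
%>
<a href="<%= Server.HTMLEncode(AddTicket("/inbox.asp?folder=1", strT)) %>">Inbox</a>
```

Because the ticket travels in the URL, it also appears in server logs and in any Referer header sent from these pages, which is a reason to keep links to other sites off pages that carry it.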

iMode Browsers

Setting the .NET Passport sign-in option iMode to true alerts the .NET Passport service that the client is a mobile device. The server will then minimize the amount of data sent to the client by omitting the profile data. Participating sites implementing Mobile .NET Passport for iMode browsers must issue the following command before AuthURL2 or LogoTag2 are called:

oMgr.Option("iMode") = True

Profile Data

Many mobile phones have limited memory. This fact often severely restricts the total download size (page content plus headers), the cookie storage, and the URL length that the phone can handle. In order to function properly on these devices, Microsoft .NET Passport does not usually return the user's profile data (the p parameter on the URL or MSPProf cookie). The only browsers for which the profile data is returned are OpenWave (formerly phone.com) 3.x and Pocket PC/Stinger. This means that the mobile site using .NET Passport cannot rely on profile data being present, nor can it obtain the user's .NET Passport Unique ID (PUID) from the profile. Instead, you must use a new Passport Manager method called HexPUID to obtain the user's PUID from the ticket instead of from the profile.

Sign-In/Sign-Out Buttons

Given the small size of mobile phone screens and their limited capabilities for displaying images, Microsoft .NET Passport-enabled sites are not required to display the .NET Passport Sign In/Sign Out button on every page or card. (This exception does not apply to Pocket PC devices.) However, each participating site should create its own sign-in text link and use the LoginUser method to obtain the URL for the HREF attribute of the link. Sites are also required to have a sign-out text link somewhere within their site.

The URL for this link is obtained by calling the LogoutURL method in Passport Manager. Sign-out behavior on mobile phones is different from that on PCs.

ExpireCookieURL Behavior

Due to technical limitations of phone browsers, the same sign-out technique cannot be used on a mobile phone as is used on the PC. Signing out on a PC is done by a single page on the .NET Passport servers simultaneously loading the ExpireCookieURL page of each participating site for which the user is signed in. But on a phone, signing out is a "chained" process, where each site's ExpireCookieURL is called in succession. A new query string parameter is appended to the site's ExpireCookieURL to which the browser is redirected.

This parameter is ru and its value is a URL on the .NET Passport servers to which you must redirect after deleting the local .NET Passport cookies and any other site-specific cookies. This allows each site's ExpireCookieURL to be loaded in succession.

Note  The same ExpireCookieURL page can be used for both PCs and mobile phones. The only difference is that, in the case of mobile phones, the ru parameter is present and the site must redirect to it after deleting the cookies. One drawback to this approach is that if any ExpireCookieURL in the chain fails to load, or fails to redirect to the provided URL in the ru query string parameter, the chain is broken and a complete sign-out is not accomplished.

Signing In

Signing in on a phone using an e-mail address and password is extremely difficult because users have to "triple tap" letters and special characters on a small numeric keypad. Microsoft .NET Passport addresses this problem by allowing users to sign in using either an e-mail address and password or a phone number and numeric PIN. Existing .NET Passport users can add a phone number and PIN to their .NET Passport account directly from the .NET Passport Member Services site. From that point on, they can sign in on phones using this phone number and PIN. Users who do not yet have a .NET Passport can register for a new account on the phone. When they do, they provide their phone number and PIN and use those to sign in thereafter.

Sign-Out Example Code

The following is an example cookie-delete script with support for wireless devices. For more information about cookie-delete scripts, see Implementing Sign-Out and Deleting Cookies.

<%
Response.ContentType="image/gif"
Response.Expires = -1
Response.AddHeader "P3P", "CP=""TST"""

Response.Cookies("MSPProf") = ""
Response.Cookies("MSPProf").Expires = #Jan 1,1998#

Response.Cookies("MSPAuth") = ""
Response.Cookies("MSPAuth").Expires = #Jan 1,1998#

Response.Cookies("MSPConsent") = ""
Response.Cookies("MSPConsent").Expires = #Jan 1,1998#

Response.Cookies("MSPSecAuth") = ""
Response.Cookies("MSPSecAuth").Expires = #Jan 1,1998#

Response.Cookies("YourSiteCookie") = ""
Response.Cookies("YourSiteCookie").Expires = #Jan 1,1998#

'If you have configured your Web site to use a domain other than the default, then
'uncomment and modify the following lines:
'Response.Cookies("MSPProf").Domain = your cookie domain 
'Response.Cookies("MSPProf").Path = your cookie path
'Response.Cookies("MSPAuth").Domain = your cookie domain
'Response.Cookies("MSPAuth").Path = your cookie path

'also remember to delete any site-specific cookies
'that are based on .NET Passport profiles!
'For example, delete the shopping cart cookie.
Response.Cookies("ShoppingCartCookie") = ""
Response.Cookies("ShoppingCartCookie").Expires = #Jan 1,1998#

' Begin code for wireless devices
If Not 0 = InStr(1, Request.ServerVariables("HTTP_USER_AGENT"), "UP.Browser") Then
Response.ContentType="text/vnd.wap.wml"
Dim oDom
Set oDom = Server.CreateObject("Microsoft.XMLDOM")
Dim oGo
Set oGo = oDom.createNode("element", "go", "")
Dim strRU
' ru is used as a string, so it is assigned without Set
strRU = Request.QueryString("ru")
oGo.setAttribute "href", strRU

' Render the page ...
Response.Write("<?xml version=""1.0""?>")
Response.Write("<!DOCTYPE wml PUBLIC ""-//PHONE.COM//DTD WML 1.1//EN"" ""https://www.phone.com/dtd/wml11.dtd"">")
Response.Write("<wml>")
Response.Write("<head>")
Response.Write("<meta http-equiv=""Cache-Control"" content=""max-age=0"" forua=""true""/>")
Response.Write("</head>")
Response.Write("<card>")
Response.Write("<onevent type='onenterforward'>")
Response.Write(oGo.xml)
Response.Write("</onevent>")
Response.Write("<onevent type='onenterbackward'><prev/></onevent>")
Response.Write("</card>")
Response.Write("</wml>")
Else%>
<!--#include file="images/signoutcheckmark.gif"-->
<%End If%>
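
The script above redirects to whatever arrives in ru. One way to check that ru points at a .NET Passport host before it is written into the <go> element, as an added example that is not part of the original documentation. IsTrustedReturnUrl and the host name passport-host.example are hypothetical placeholders, and the check assumes ru is always an absolute https URL.

```vbscript
<%
' Added example, not from the original page. IsTrustedReturnUrl and the
' host list are hypothetical: replace the placeholder with the .NET Passport
' host names that actually appear in the ru values your site receives.
Function IsTrustedReturnUrl(strUrl)
    Dim arrHosts, strRest, strHost, nEnd, i, ch
    arrHosts = Array("passport-host.example")   ' placeholder allowlist
    IsTrustedReturnUrl = False

    ' Assumption: ru is always an absolute https URL.
    If LCase(Left(strUrl, 8)) <> "https://" Then Exit Function
    strRest = Mid(strUrl, 9)

    ' The authority ends at the first "/", "?" or "#".
    nEnd = Len(strRest) + 1
    For Each ch In Array("/", "?", "#")
        i = InStr(strRest, ch)
        If i > 0 And i < nEnd Then nEnd = i
    Next
    strHost = LCase(Left(strRest, nEnd - 1))

    ' Reject userinfo ("user@host") and backslashes, which URL parsers
    ' do not treat consistently.
    If InStr(strHost, "@") > 0 Or InStr(strHost, "\") > 0 Then Exit Function

    ' Drop an explicit port before comparing.
    i = InStr(strHost, ":")
    If i > 0 Then strHost = Left(strHost, i - 1)

    ' Exact host match only: no suffix or substring matching.
    For i = 0 To UBound(arrHosts)
        If strHost = arrHosts(i) Then IsTrustedReturnUrl = True
    Next
End Function

Dim strRU
strRU = Request.QueryString("ru")
If Len(strRU) > 0 And Not IsTrustedReturnUrl(strRU) Then
    ' The cookie deletion in the sign-out script still runs;
    ' only the onward redirect is dropped, so skip the <go> element.
    strRU = ""
End If
%>
```

Dropping an untrusted ru breaks the sign-out chain for that request, which is the same outcome the Note above describes for any failed hop: local cookies are deleted, but the remaining sites are not visited.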

See Also

Single Sign-In Overview | Collecting User Data | Manager.HexPUID | Manager.LogoutURL