Soft Sign-In: Step By Step

A Web page that uses a soft sign-in implementation of Microsoft® .NET Passport allows users to view the page whether or not they are authenticated, but the contents of the page will vary. You can choose to display a portion of your content to all users, but display the full content only to authenticated users. Or, you can present a generic page for anonymous users and offer customized content for users signed in to .NET Passport.

Implementing Soft Sign-In

The following are the basic coding steps used to implement soft sign-in:

  1. Create an instance of the Passport Manager object.

  2. Detect authentication data on the query string by checking the FromNetworkServer property of the Passport Manager object. If necessary, clear the query string by redirecting the user to the URL of the current page.

  3. Call the IsAuthenticated method of Passport Manager to determine whether the user is signed in.

  4. If the user is authenticated, check your database to see whether the user has granted consent for your site to use his or her .NET Passport profile data. If consent has not been granted, redirect the user to the consent gathering page for your site: a page you supply that asks the user for consent and, if consent is given, stores that information in the database. (Typically, the consent page will return the user to the calling page after the database entry has been made.) The actual implementations of the database query and the consent page are not included in the following example. For more information, see Adding a Personal Consent Page.

  5. Set a variable to indicate whether the user is signed in. You can use this variable in the body of your page to determine which content to display.

  6. Display the .NET Passport sign-in link on the page by calling the LogoTag2 method of the Passport Manager object. The returnURL parameter of the call to LogoTag2 determines where the Login server will redirect the user after the user signs in or out. If the user is signed in, use your site's sign-out script for the returnURL. Otherwise, use the address of the current page.

Most of these steps are addressed in more detail in the previous topic. For more information, see Hard Sign-In: Step By Step.

Example Code for Soft Sign-In

The following is an example of an Active Server Pages (ASP) page that uses soft sign-in.

<%
Dim oMgr 'Passport Manager object
Set oMgr = Server.CreateObject ("Passport.Manager")

Dim thisURL, logoutURL
Dim isSignedIn

'The URL of this page.
thisURL = "https://" & Request.ServerVariables("SERVER_NAME") & _
   Request.ServerVariables("SCRIPT_NAME")

'The URL of the sign-out page
logoutURL = "https://" & Request.ServerVariables("SERVER_NAME") & _
   "/logoutuser.htm"


If oMgr.FromNetworkServer Then
   Response.Redirect(thisURL) 'Clears query string if ticket has
                              'just arrived.
End If

If oMgr.IsAuthenticated(3600) Then 'Ticket must be less than one
                                   'hour old (3600 seconds) or it 
                                   'will be considered stale.
                                   'This parameter is optional.

   'Determine user's PUID.
   Dim nickname, memberidhigh, memberidlow
   memberidhigh = oMgr.Profile("MemberIDHigh")
   memberidlow = oMgr.Profile("MemberIDLow")

   ' Check for this user's record
   ' in your consent database
   If ConsentIsInDatabase(memberidhigh,memberidlow) Then 
      ' ConsentIsInDatabase call is provided
      ' by your site and determines user's consent 
      ' status on your site

      'If user has given consent,
      'set a variable to indicate the user
      'is signed in
      isSignedIn = True

   Else

      If oMgr.TimeSinceSignin < 10 Then
         ' The user clicked Sign In to enter your site,
         ' providing implicit consent, so no consent page
         ' is necessary.
         'Call is required to pass two arguments in parentheses.
         Call AddPUIDToConsentDatabase(memberidhigh, memberidlow)
         isSignedIn = True

      Else

         'If user has not given consent, show consent page.

         Response.Redirect("https://" & Request.ServerVariables("SERVER_NAME") & _
         "/gather_consent.asp?returnTo=" & Server.URLEncode(thisURL))

         'Gather_consent.asp will present the consent UI.
         'If consent is given, a database entry
         'will be made and the user will be redirected
         'back to this page using the returnTo parameter.

      End If

   End If

Else

   'If user is not authenticated,
   'set the variable to indicate the user
   'is not signed in
   isSignedIn = False


End If



' Now use the isSignedIn variable to 
' determine which content to display.

If isSignedIn Then

   'The user is signed in, so	
   'call LogoTag2 with sign-out script
   'as return URL parameter
   Response.Write(oMgr.LogoTag2(Server.URLEncode(logoutURL),3600))
   Response.Write("<HR>")

   'And display customized content
   Response.Write("You are signed in to .NET Passport.")

Else

   'The user is not signed in, so	
   'call LogoTag2 with this page
   'as return URL parameter
   Response.Write(oMgr.LogoTag2(Server.URLEncode(thisURL),3600))
   Response.Write("<HR>")

   'And display generic content
   Response.Write("You are not a .NET Passport user.")

End If

Response.Write("This content is seen by all users")

%>
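
The gather_consent.asp page is not shown above; because it redirects to whatever returnTo contains, it should confirm that the value points back to your own site before using it. The following is an added example, not part of the original page or of the Passport SDK: IsSafeReturnTo and SITE_HOST are hypothetical names, and the host is compared against a fixed constant rather than SERVER_NAME, which can reflect the client-supplied Host header.

```vbscript
' Place inside the <% ... %> block of gather_consent.asp.
' SITE_HOST and IsSafeReturnTo are hypothetical names for this example.
Const SITE_HOST = "www.example.com"   ' assumption: your site's canonical host name

Function IsSafeReturnTo(url)
   Dim prefix, i, ch
   IsSafeReturnTo = False
   prefix = "https://" & SITE_HOST & "/"

   ' Must be an absolute HTTPS URL on this site. The trailing "/" in
   ' prefix rejects look-alike hosts such as www.example.com.other.test.
   If Len(url) < Len(prefix) Then Exit Function
   If StrComp(Left(url, Len(prefix)), prefix, vbTextCompare) <> 0 Then Exit Function

   ' Reject control characters (CR/LF would allow header splitting)
   ' and backslashes, which some browsers treat as "/".
   For i = 1 To Len(url)
      ch = AscW(Mid(url, i, 1))
      If (ch >= 0 And ch < 32) Or ch = 127 Or ch = 92 Then Exit Function
   Next

   IsSafeReturnTo = True
End Function

Dim returnTo
returnTo = Request.QueryString("returnTo")   ' Empty if the parameter is missing

' ... present the consent UI and store the consent record here ...

If IsSafeReturnTo(returnTo) Then
   Response.Redirect returnTo
Else
   ' Missing or off-site value: fall back to the site's home page.
   Response.Redirect "https://" & SITE_HOST & "/"
End If
```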