If you haven't been following the Identity Management circles then you might have missed the growth of Windows Cardspace. From Microsoft's site:
Windows CardSpace is client software that enables users to provide their digital identity to online services in a simple, secure and trusted way. It is what is known as an identity selector: when a user needs to authenticate to a web site or a web service, CardSpace pops up a special security-hardened UI with a set of “information cards” for the user to choose from.
I have been trying to get my arms around the details and I must admit there's a lot to learn. Fortunately the folks at Quality Data produced an excellent ASP.NET server control that provides a jump start to adding Cardspace to your site. Following their instructions couldn't have been easier and everything appears to work great.
Keep in mind that Quality Data's Cardspace Control requires the use of SSL. If you don't have a certificate on your blog then this control isn't going to work for you. So how do you add Cardspace to your blog? Here's what I did...
- Configure BlogEngine to use the SQL Membership Provider. Keep in mind you don't have to use SQL for anything other than the Membership and Roles provider.
- Download the Quality Data Cardspace Control and add the file QualityData.CardSpace.dll into the ~/bin folder.
- Extend the SQL database using the file CardSpaceControls.sql included in the download.
- Add the control to your ~/Login.aspx file. (I have included my login.aspx file to make life easy)
- Add the CardspaceManage control to an admin page. (I have included ~/admin/pages/Cardspace.aspx to make life easy)
- Update your ~/web.sitemap file to include the new menu option:
<siteMapNode url="~/admin/Pages/CardSpace.aspx" title="Cardspace" description="" roles="administrators,editors" />
Once you have completed these steps you are ready to associate an Information Card with a user account. Log into your blog using your administrator account and click on the Cardspace tab. Click on the "Associate an Information Card" button and create/select an information card to use with this account. Once your Information Card has successfully been associated with your user account you should see the digital signature below the button.
Log out and try logging into your blog using the Information Card.
Everything should be working now. Here are some troubleshooting tips that I used to resolve the random issues that came up.
MachineKey Folder - Access to the SSL private key is necessary for Cardspace to decrypt the Information Card. You might need to modify the permissions of the files located in the %ALLUSERSPROFILE%\Application Data\Microsoft\Crypto\RSA\MachineKeys folder. Be sure the ACLs include read access for the Network Service account.
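One way to apply that permission to only the SSL certificate's own key file rather than to every file in the folder, as an added example that is not part of the original post or the Quality Data download. It assumes an elevated PowerShell prompt, a certificate in the LocalMachine\My store with a CryptoAPI (CSP) key, and a placeholder thumbprint that you replace with your own.

```powershell
# Added example: give NETWORK SERVICE read access to one private key file
# instead of loosening the ACL on every file in MachineKeys.
# Assumption: placeholder thumbprint; substitute your site's SSL certificate.
$thumbprint = '<SSL-CERT-THUMBPRINT>'
$account    = 'NT AUTHORITY\NETWORK SERVICE'

$cert = Get-Item -Path "Cert:\LocalMachine\My\$thumbprint" -ErrorAction Stop
if (-not $cert.HasPrivateKey) {
    throw "Certificate $thumbprint has no private key in the machine store."
}

# CryptoAPI (CSP) keys expose the file name of their key container.
# CNG keys are stored elsewhere and are not handled here.
try   { $container = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName }
catch { $container = $null }
if (-not $container) {
    throw 'Not a CSP key: no file to adjust under RSA\MachineKeys.'
}

# Folder exactly as named in the troubleshooting note above.
$folder  = Join-Path $env:ALLUSERSPROFILE 'Application Data\Microsoft\Crypto\RSA\MachineKeys'
$keyFile = Join-Path $folder $container
if (-not (Test-Path -LiteralPath $keyFile)) {
    throw "Key file not found: $keyFile"
}

# Add the Allow/Read rule only if the account does not already have it.
$read = [System.Security.AccessControl.FileSystemRights]::Read
$acl  = Get-Acl -LiteralPath $keyFile
$existing = $acl.Access | Where-Object {
    $_.IdentityReference.Value -eq $account -and
    $_.AccessControlType -eq 'Allow' -and
    ($_.FileSystemRights -band $read) -eq $read
}
if (-not $existing) {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $account, $read, 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -LiteralPath $keyFile -AclObject $acl
}

# Show who can read the key now, so unexpected entries stand out.
(Get-Acl -LiteralPath $keyFile).Access |
    Select-Object IdentityReference, AccessControlType, FileSystemRights
```

The final listing is worth reviewing: any account shown there can read the private key that protects the site's SSL traffic and decrypts the Information Card tokens.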
SSL Required - Cardspace requires SSL and will not work if you aren't in an SSL session when launching the Cardspace controls. So how can you ensure that HTTPS is used whenever you connect to the Login.aspx and Cardspace.aspx pages? Easy. Have a look at Sanibel Logic's SSLRedirect module. I have been using this module for many years without any problems.
That's about all I have right now. If you run into any problems feel free to drop me an email and I will do my best to help you out.
Cardspace_admin_page.zip (888.00 bytes)
login.zip (582.00 bytes)