Using Windows Azure Access Control Services for Windows Live Authentication using Live Id SDK – Part 2

Ok, in part 1, we saw how ADFS authentication gives us profile information in the forms of claims which we don’t receive in case of using Live ID authentication.
To receive profile information we need to use Windows Live SDK. First we need to create an application on Live ID connect API’s portal. Browse to the following link, https://manage.dev.live.com/, login with your Live ID credentials and then create an application as shown below –
Click on Create Application link. Then provide application name [samplewebrole in my case] and language as English. Then under API settings specify, redirect URL.



This is the URL to which access token will be sent by Live ID. Then we will use this access token to receive profile information in Callback.aspx. Here in Redirect URL I am specifying the URL which will be online when application will be deployed to cloud. You can specify any other URL like – www.litware.com or anything of your choice.
Right now my redirect URL – http://--.cloudapp.net/ does not exists. However, live ID sends token only to this URL as it has been configured as Redirect URL on live SDK portal. So we need to redirect this URL to our localhost cloud URL which is – http://127.0.0.1/ so that token can be received by my application. To do this open host file from location C:\Windows\System32\drivers\etc\ and specify following information –



Now we will use SDK REST API to login to windows Live and to receive profile information. I will have to make these REST API calls on “windows Live ID” button click of ACS login page. However I don’t have login page of ACS. So I need to create a custom login page along with my button of Live Id. On click on my live id button we will make these REST calls. Also the code of ACS will be required so that ADFS button and other ACS stuff will work without any problem.
On ACS Azure portal, under Application Integration system tab in left hand panel, you can download ACS login page. This page is in HTML so I will convert to aspx page and add my own custom button named as “Live ID”. And click on this button I will make Live ID REST API calls.



Copy complete <HTML></HTML> of ACS HTML page and paste in <HTML> section of your login page. I have named it as Login.aspx. Then add your button under <div id="IdentityProvidersList"></div> as shown below –



Now we need to make our custom login page as startup page of the application. If you make your custom login page as startup page by right clicking on solution explorer and run the application; you will be still redirected to ACS login page and not your custom login page. To overcome on this problem we will need to specify “Forms Authentication” tag in web config of web role. So our application will become combination of Federated authentication (using ADFS) and Forms authentication (using Live ID connect).
By default federated authentication makes <authentication mode="None" />
Therefore comment above line from web config file and add following lines under <system.web> tag –
<httpRuntime maxRequestLength="1048576" executionTimeout="120" requestValidationMode="2.0" />
<authentication mode="Forms"><forms loginUrl="Login.aspx" defaultUrl="~/Callback.aspx" timeout="10" /></authentication>
Then add following tag parallel to <system.web> tag and not inside it; that is following tag will go under <configuration> tag –
<location path="Login.aspx">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>
  <location path="Callback.aspx">
    <system.web>
      <authorization>
        <allow users="*" />
      </authorization>
    </system.web>
  </location>


Add following keys in ServiceConfiguration.local.cscfg file –
<Setting name="LiveIdClientID" value="your Cline ID received from application created in live id SDK portal" />
      <Setting name="LiveIdRedirectURL" value="http://Your redirect URL/Callback.aspx" />
      <Setting name="LiveIdClientSecret" value="your client secret" />
      <Setting name="LiveIdOAuthURL" value="https://oauth.live.com/token" />

Add following code in code behind of custom login page –
protected void Page_Load(object sender, EventArgs e)
        {
            //if return url is not null means user coming from windows live ID else coming from ADFS
            if (Request.QueryS07ing["ReturnUrl"] != null)
            {
                if (Session["EmailAddress"] != null)
                {
                    IClaimsIdentity identity = User.Identity as ClaimsIdentity;
                    ClaimCollection collection = identity.Claims;

                    s07ing emailAddress = Convert.ToS07ing(Session["EmailAddress"]);
                    //re07ieve name without domain
                    s07ing userName = emailAddress.Split(new char[] { '@' })[0];
                    FormsAuthentication.RedirectFromLoginPage(userName, 07ue);
                }
            }
        }

        protected void btnLiveIDLogin_Click(object sender, EventArgs e)
        {
            s07ing LiveConnectAuthUri = "https://oauth.live.com/authorize?client_id=<clientId>&scope=wl.signin%20wl.basic%20wl.emails&response_type=code&redirect_uri=<redirect_uri>";

            //read client id and redirection url from config file
            s07ing clientID = RoleEnvironment.GetConfigurationSettingValue("LiveIdClientID");
            s07ing redirectionURL = RoleEnvironment.GetConfigurationSettingValue("LiveIdRedirectURL");

            //create url
            s07ing authorizedRestCall = LiveConnectAuthUri.Replace("<clientId>", clientID).Replace("<redirect_uri>", redirectionURL);

            //redirect to login page
            Response.Redirect(authorizedRestCall);
        }


Now we need to add callback.aspx page to handle the tokens and receive profile information in it. The complete code for Callback.aspx is here – Callback.aspx.
My final project s07ucture is as follows –



Now run the application, your login page will appear as follows –



Click on out custom Live Id button. You will be redirected to login page of windows Live. After successful login, you may be asked for allowing access to the profile information. Click YES. Then code in Callback.aspx will be executed and email ID will be re07ieved. This email ID I am adding to the session which is then populated on Default.aspx as shown –



Hope it helps.
Cheers…
Happy Programming!!!

Comments

Popular posts from this blog

The request has both SAS authentication scheme and 'Bearer' authorization scheme. Only one scheme should be used

Getting Started with Logic Apps - AS2

How to Debug and Trace request in Azure APIM - Portal, Postman, RequestBin