Windows CardSpace

Digital Identity, Windows CardSpace and OpenID by Christian Arnold

Visual Studio 2005 ToolBox for Windows CardSpace

Ready to go?
I published my brand new ToolBox Suite for Visual Studio 2005.

You can download the tools here:
http://www.codecomplete.de/files/folders/ditools/entry23.aspx

My little Demo Video:
http://www.codecomplete.de/blogs/digitalidentity/archive/2007/04/11/demo-video-use-windows-cardspace-and-the-visual-studio-toolbox-for-windows-cardspace.aspx 

The truth and next generation :-): http://www.codecomplete.de/blogs/digitalidentity/archive/2007/04/15/visual-studio-toolbox-completed-asp-net-2-0-cardspace-workflow.aspx

First enterprise application: http://www.codecomplete.de/blogs/digitalidentity/archive/2007/04/23/integrate-identity-in-communityserver-2007-with-the-help-of-windows-cardspace.aspx

Our little support forum:
http://www.codecomplete.de/forums/12/ShowForum.aspx

For updates have a look here:
http://www.codecomplete.de/forums/thread/41.aspx

[Update: Use javascript to pop up Windows CardSpace: http://www.codecomplete.de/blogs/digitalidentity/archive/2007/04/09/use-javascript-to-pop-up-windows-cardspace-in-web-applications.aspx]

The Visual Studio 2005 ToolBox for Windows CardSpace provides an easy way to use Windows CardSpace in your ASP.NET 2.0 web application to register and validate your users. It's also possible to use the controls to receive a SAML token and get the decrypted values of the provided claims. The token decryption process is built on the community sample http://cardspace.netfx3.com/files/folders/samples_rc_1/entry5998.aspx.

There are two controls you can use: CardSpaceLogin and CreateCardSpaceUserWizard. Both controls are integrated into the Visual Studio 2005 ToolBox:

Visual Studio 2005 ToolBox for Windows CardSpace

Installation

To install the controls, add the control library ATE.IdentitySelector.Web to your ToolBox. To do this, right-click inside the ToolBox, select “Choose Items” and browse for the DLL.

Install CardSpace ToolBox

Quick Start

To get started, just drag and drop any of the new controls onto a WebForm. Now you have to configure the control. Don't be afraid :-) It's easy.
You have to tell the control which claims you require. If you use a Personal Card (self-issued card), you can use any of the following claims:

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/streetaddress
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/locality
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/stateorprovince
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/postalcode
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/country
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/homephone
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/otherphone
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/mobilephone
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dateofbirth
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/gender

Because the privatepersonalidentifier is unique and the only “real” ID (the ID of the card), it's necessary to use this claim to generate a user. Instead of storing e.g. the username, email address or something else to identify a user, you have to store the privatepersonalidentifier. The CreateCardSpaceUserWizard uses the privatepersonalidentifier to store a new user in the database configured as the default Membership provider. I just want to inform you about this issue: http://www.fearthecowboy.com/2007/01/me-and-my-ppid-can-i-rely-on-it.html. This is a known "problem". If you want to use the UniqueID instead of the PPID you should implement this in the event handlers where you get the provided token. [Update: The control now uses the UniqueID instead of the PPID]
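The paragraph above distinguishes the PPID from a UniqueID. As an added illustration (not code from the ToolBox or from the community sample), the following C# helper shows one way to derive an account key that binds the PPID claim to the key that signed the token. The names `CardAccountKey`, `Derive` and `issuerPublicKey` are hypothetical, and obtaining the verified signing key from the token is assumed to happen elsewhere.

```csharp
using System;
using System.Collections.Specialized;
using System.IO;
using System.Security.Cryptography;
using System.Text;
// Added illustration: names are hypothetical, not part of ATE.IdentitySelector.Web.
public static class CardAccountKey
{
    const string PpidClaim =
        "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier";

    // issuerPublicKey is assumed to be the public key bytes taken from the token's
    // verified signature, never from a value that the claims themselves supply.
    public static string Derive(NameValueCollection claims, byte[] issuerPublicKey)
    {
        if (claims == null) throw new ArgumentNullException("claims");
        string ppid = claims[PpidClaim];
        if (string.IsNullOrEmpty(ppid)) throw new ArgumentException("No PPID claim in token.");
        if (issuerPublicKey == null || issuerPublicKey.Length == 0)
            throw new ArgumentException("Issuer public key is required.");
        byte[] ppidBytes = Encoding.UTF8.GetBytes(ppid);
        using (MemoryStream buffer = new MemoryStream())
        using (SHA256 sha = SHA256.Create())
        {
            // Length-prefix each field so bytes cannot shift between key and PPID.
            WriteField(buffer, issuerPublicKey);
            WriteField(buffer, ppidBytes);
            return Convert.ToBase64String(sha.ComputeHash(buffer.ToArray()));
        }
    }

    static void WriteField(Stream s, byte[] data)
    {
        byte[] len = BitConverter.GetBytes(data.Length);
        s.Write(len, 0, len.Length);
        s.Write(data, 0, data.Length);
    }

    public static void Main()
    {
        // Constructed sample values, not taken from a real card.
        NameValueCollection claims = new NameValueCollection();
        claims[PpidClaim] = "constructed-ppid-value";
        byte[] keyA = Encoding.ASCII.GetBytes("constructed-key-A");
        byte[] keyB = Encoding.ASCII.GetBytes("constructed-key-B");
        Console.WriteLine(Derive(claims, keyA) == Derive(claims, keyA)); // same card, same key
        Console.WriteLine(Derive(claims, keyA) == Derive(claims, keyB)); // same PPID, other signer
    }
}
```

Stored as the membership key, the returned string maps two tokens that present the same PPID but were signed with different keys to different accounts.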

If you have a look at the markup of the WebForm you will see something like this:

CreateCardSpaceUserWizard Control

<cc1:CreateCardSpaceUserWizard ID="CreateCardSpaceUserWizard1" runat="server" BuildInRegistration="False" OnUserRegistered="CreateCardSpaceUserWizard1_UserRegistered1">
    <cc1:IdentityClaim ClaimUri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier" />
    <cc1:IdentityClaim ClaimUri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" Optional="False" />
    <cc1:IdentityClaim ClaimUri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" Optional="False" />
    <cc1:IdentityClaim ClaimUri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" />
</cc1:CreateCardSpaceUserWizard>

In this case we want to receive the privatepersonalidentifier and the email address of a new user.

If you define the claim

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress

the control will store the email address automatically, so you do not have to worry about this :-)

After registration the control will fire the UserRegistered Event. The eventargs will tell you the result of the operation and the provided claims as a NameValueCollection.

Automatic user registration with the default ASP.NET 2.0 Membership-Provider

If you want to use the built-in implementation to store the user automatically, you have to set the BuildInRegistration setting to true:

Use build in registration

If you don't want to use this feature, just disable it. The event will still fire and you are able to implement your own custom logic.


Other settings

You can also change some text messages:

Title: This is the main label that you will see if you use the control inside a WebForm
Text: This is the text on the provided button
SuccessfullyRegisteredText: The text that will be shown on successful registration
UnSuccessfullyRegisteredText: The text that will be shown on unsuccessful registration
ImageUrl: The Url to an image that will be shown on the left side of the control.
Issuer: The issuer of the received token. The default value is http://schemas.xmlsoap.org/ws/2005/05/identity/issuer/self for Personal Cards.
If you want to accept any issuer, just set the value to an empty string:
   <cc1:CreateCardSpaceUserWizard Issuer="" …

CardSpaceLogin Control

<cc1:CardSpaceLogin ID="CardSpaceLogin1" runat="server">
    <cc1:IdentityClaim ClaimUri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier" />
    <cc1:IdentityClaim ClaimUri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" Optional="False" />
    <cc1:IdentityClaim ClaimUri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" Optional="False" />
</cc1:CardSpaceLogin>

Here you see that it's only necessary to provide the privatepersonalidentifier. The control will identify the user based on his credentials and fire the UserLoggedIn event. This event will tell you the validation result and the provided claims as a NameValueCollection.

Automatic user login and validation with the default ASP.NET 2.0 Membership-Provider

If you want to use the built-in implementation to log in the user automatically, you have to set the BuildInLoggin setting to true:

Use build in login

Update: Automatic redirect of the user from the login page and setting of the ASP.NET FormsAuthentication cookie:
If you want to redirect your users directly after successful registration, just set the property BuildInFormsAuthentication to true. If you don't want to use this feature, set it to false. Then you are in control and can implement your custom logic in the event handler.

If you don't want to use this feature, just disable it. The event will still fire and you are able to implement your own custom logic.

Other settings

You can also change some text messages:
Title: This is the main label that you will see if you use the control inside a WebForm
Text: This is the text on the provided button
LoggedInSuccessfullyMessage: The text that will be shown on successful login
LoggedInUnSuccessfullyMessage: The text that will be shown on unsuccessful login
ImageUrl: The Url to an image that will be shown on the left side of the control.
Issuer: The issuer of the received token. The default value is http://schemas.xmlsoap.org/ws/2005/05/identity/issuer/self for Personal Cards. If you want to accept any issuer, just set the value to an empty string:

<cc1:CreateCardSpaceUserWizard Issuer="" …
 
Basic Workflow

CreateCardSpaceUserWizard

CardSpace Create User Workflow

CardSpaceLogin

Login with CardSpace Workflow