Fernando Karnagi


Dear All,

I am having a Java Web Application project that requires integration with Windows Live Mail. One of my approach is by using Windows Live Web Authentication. I have downloaded the sample code for Java, and I can run it. However it is not what I am expecting. I am actually expecting that the sign-in takes place in my application, not in Windows Live itself. Has anyone ever experience this situation

Any help is very much appreciated.

Thank you.

Regards,

Fernando Karnag



Re: Web Application Single Sign-On

Alex Media


The sign-on process will always work via the Live ID-servers to prevent phishing. Microsoft's own websites (and applications) work in the same way: when authentication is needed, the user is redirected to the login.live.com-domain, where he signs in. After that, he is returned to the requesting page. That's how it works, and that's not going to change because that would sacrifice the security of the entire system.

Yahoo, Google and OpenID work in the same way... all authentication is handled by a central server.






Re: Web Application Single Sign-On

Fernando Karnagi

Hi,

thank you for the reply. Is there any interface (i.e. webservices or Http client code) which can do the login programatically, instead of manually forcing the user to login to Windows Live

Regards,

Fernando Karnagi





Re: Web Application Single Sign-On

Alex Media

No, that is not possible. It again would compromise the Live ID-security system.

For example, a phishing website could spoof the authentication page, and then sign in the user to, for example, their Hotmail inbox. There would be no way for the user to notice his password been stolen.