pascal craponne


Hello,

I suppose the answer's 'no', but I'd like to know if there is any way to get more than a user id after a Live ID login?
For example:
- user login (the email)
- first / last name
The WinForm client does this, so why is it not obvious with ASP.NET?

Pascal.




Re: ASP.NET: getting more than a user id

Alex Media


I think it's also a way of spam-prevention. If you surf the web and are automatically authenticated to websites, those sites could collect your e-mail address (as returned to them by Web Auth) and they know it's a working address because you've just authenticated with it.

To get more than a user-ID (UUID) you should request the user to enter that information. Another possibility is that Microsoft offers an extra service (through Windows Live Data) that submits user information to the website - with user consent, like in the Live Contacts Control.






Re: ASP.NET: getting more than a user id

pascal craponne

The OpenID model is quite good from this point of view (however OpenID does not bring a trust authority, it's just an easy way to authenticate): when signing in to a website, the user chooses what information he wants to send to the website (nickname, email, birthday...).

Let's get back to Live Id: correct me if I'm wrong, but the system does not sign you in automatically to any website, so this should already reduce the spam possibilities. Or, if the spam scares us too much, the system could give a name, even a nickname... In a nutshell: a human readable information :)
Too bad, this does not seem to be the case at the moment.





Re: ASP.NET: getting more than a user id

Angus Logan (Windows Live)

Hey Pascal,

We take users' privacy and security super seriously.

For Web Authentication we won't return any more than the user's unique identifier for that web site to protect users' information & identities.

Regards

Angus Logan | Senior Technical Product Manager | Windows Live Platform | http://blogs.msdn.com/angus_logan/






Re: ASP.NET: getting more than a user id

Don Woods

I guess that there has been a lot of discussion in the forums (http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=1930418&SiteID=1). Moreover, Jamie writes his finding at http://jamiethomson.spaces.live.com/blog/cns!550F681DAD532637!1658.entry .

With so much discussion about this problem, I wish Microsoft would come forward with some solution.

~Don





Re: ASP.NET: getting more than a user id

Peter Bromberg

I think the answer to this is that if you want to use LiveID for authentication, you need to add a UserId column into your Users table in your database. Then, when you find that you do not have user information for a UserID that has authenticated on your site via LiveID, you make visible a form asking them to fill in their registration info (email, name, handle, opt-in for email newsletter, etc) and you save this.


The next time the user authenticates, you can query out this info based on their UserId.

LiveId appears to me to be for authentication only - it's up to you to collect the information you want your users to store.
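
Added example, not part of the post above and not Microsoft sample code: a sketch of the first-login flow it describes, written in Python with an in-memory SQLite database rather than ASP.NET so that it runs stand-alone. The table layout, function names and sample identifier are assumptions made for illustration.

```python
import sqlite3

# Assumed schema: the UserId column holds the opaque identifier that
# Live ID Web Authentication returns; everything else is site-collected.
SCHEMA = """
CREATE TABLE Users (
    UserId TEXT PRIMARY KEY,
    Email  TEXT NOT NULL,
    Name   TEXT NOT NULL,
    Handle TEXT NOT NULL,
    OptIn  INTEGER NOT NULL DEFAULT 0
)"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.row_factory = sqlite3.Row
    db.execute(SCHEMA)
    return db

def on_authenticated(db, user_id):
    """Run after sign-in succeeded; user_id comes from the verified login."""
    row = db.execute(
        "SELECT Email, Name, Handle, OptIn FROM Users WHERE UserId = ?",
        (user_id,)).fetchone()
    if row is None:
        # First visit: no stored info, so make the registration form visible.
        return {"action": "show_registration_form"}
    return {"action": "signed_in", "profile": dict(row)}

def save_registration(db, user_id, email, name, handle, opt_in=False):
    """Store the form fields. user_id must be taken from the server-side
    session, never from a form field the browser can change."""
    email, name, handle = email.strip(), name.strip(), handle.strip()
    if not (name and handle) or "@" not in email:
        raise ValueError("registration form is incomplete")
    try:
        with db:  # commit on success, roll back on error
            db.execute(
                "INSERT INTO Users (UserId, Email, Name, Handle, OptIn) "
                "VALUES (?, ?, ?, ?, ?)",
                (user_id, email, name, handle, int(bool(opt_in))))
    except sqlite3.IntegrityError:
        raise ValueError("a profile already exists for this UserId")

if __name__ == "__main__":
    db = open_db()
    uid = "constructed-live-id-0001"  # constructed sample identifier
    print(on_authenticated(db, uid))
    save_registration(db, uid, "user@example.com", "Sample User", "sample")
    print(on_authenticated(db, uid))
```

The e-mail address stored this way is whatever the user typed, so it is unverified until the site confirms it separately.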






Re: ASP.NET: getting more than a user id

Jamie Thomson

Hey Angus,

Are you still reading? Care to answer the question of what role Windows Live Data has to play here? Do you envisage a situation where you can authenticate a user on your site using Live ID authentication and then request more of that user's data using Windows Live Data and Live controls (such as this one: http://dev.live.com/contacts/)?

-Jamie






Re: ASP.NET: getting more than a user id

Angus Logan (Windows Live)

I'm still here (Windows Live Alerts notified me there was activity on this thread :)

Windows Live Data (Contacts) are shared between messenger/spaces/mail and are user centric. i.e. a user has their address book.

Using the Windows Live Data API (codenamed: Cumulus) a user can Delegate permissions (read or read/write) for a website to act on their Address book.

There may be a way to tie the Live ID authentication process into the Delegation process for contact information however it would be a few more clicks.

Basically WLID & Windows Live Data aren't related because one is client-side and the other is server-side...






Re: ASP.NET: getting more than a user id

Alex Media

But Angus, WL ID and WL Data could be used to provide us with some of the user's profile data... when a user first enters a site, he is asked for permissions for his WL ID-profile (like e-mail address and such) and when he grants it (read-only, I guess) the site can request the data when it's needed.

That way, the user doesn't have to re-enter his PII, but can still control what he wants to share with a website.




Re: ASP.NET: getting more than a user id

Jamie Thomson

Alex Media wrote:

But Angus, WL ID and WL Data could be used to provide us with some of the user's profile data... when a user first enters a site, he is asked for permissions for his WL ID-profile (like e-mail address and such) and when he grants it (read-only, I guess) the site can request the data when it's needed.

That way, the user doesn't have to re-enter his PII, but can still control what he wants to share with a website.

Completely right Alex. That's the kind of scenario I was talking about.

-Jamie






Re: ASP.NET: getting more than a user id

Alex Media

I'm not even interested in a user's contacts, I just want his PII (might sound greedy), for example:

I'm using some guy's WL ID Drupal-plugin, and when a user signs in for the first time, he is greeted with a plain ol' Drupal registration form, all fields are empty because there is no data. Via WL Data, I could request his preferred nickname, his e-mail address, etc. etc.

Then, the user just has to confirm that he wants that account created associated to that Live ID instead of asking him - again - for his PII. It would even be better for that to happen seamlessly, but I don't think that's such a good idea regarding privacy and such... (although WL Data should ask for a confirmation)





Re: ASP.NET: getting more than a user id

Angus Logan (Windows Live)

Yup - that scenario would work but the click-count may be too many (it isn't that bad though when you offset the fact they don't need to enter their details)

- click to sign in on thirdparty.com

- enter your credentials on login.live.com (click)

- redirects back to thirdparty.com sToken handler which automatically redirects to the Permission Granting User Experience (automatically signed in because of the Web Authentication)

- user reviews the request and the privacy statement and allows (click)

- redirects back to thirdparty.com Domain Authentication Token (DAT) handler;

- asynchronously imports the user's profile (I'm not certain the owner record)

there is one thing wrong with this - the owner record doesn't have any information in it (yet):

<Owner>
<WindowsLiveID>Angus@angusloganlive.com</WindowsLiveID>
</Owner>

I'm not sure what the roadmap is on this - I'll ask Paul Elliott to join this thread.






Re: ASP.NET: getting more than a user id

Angus Logan (Windows Live)

I will have a chat with the team who built the Windows Live Controls (Koji Kato) to see if they envisage a control like this (and perhaps join the discussion).

It would need to function like the other controls (WINDOWS LIVE --> USER --> THIRD PARTY) (V shape) so the server doesn't get the information.






Re: ASP.NET: getting more than a user id

Alex Media

I think a public chat (like the Internet Explorer-team has sometimes) with the WL ID-team would be a great addition too. WL ID is the glue between everything Live, opening it up might be the key to success... if done properly.

WL Web Auth is great, but needs more to give it its Wow-factor :)





Re: ASP.NET: getting more than a user id

Angus Logan (Windows Live)

sorry fixed.