phertel


Hi,

I have a very basic questions about Windows Live ID. Suppose I have two domains www.firstDomain.com and www.secondDomain.com, and users are authenticated at each one by Live ID.

If a user visits www.firstDomain.com and logs in, and then subsequently visits www.secondDomain.com, is he automatically logged in there also Or does he have to log in to Live ID twice, once for each domain

Thanks,

phertel

PS: If he only has to sign in once, how does this work Is the authentication using a third-party cookie




Re: Basic Live ID question

nr2ae


I'm not sure about real-world Live ID/ .NET Password enabled site. So far I just have to click Sign In again without entering any credential. For example, I sign in to this Forum, then I go to msn.com. msn.com will display a Sign In button. When I click it, it became a Sign Out button instantly.

However, according to the C# sample in "Windows Live ID Web Authentication Preview", it doesn't work.

What I discovered is that: If the user has logged in to Live in the first site and then visit the second site for the first time, the Live IFRAME display the logout link, but the web application doesn't realized that.

It will say "Welcome to the AuthLite ....", not "Thanks for signing in. Your user ID is ....."

This is not surprising, since Live never sent the current userid to the second site. The only way to make the second site realize is to log out and log in again, which will make Live send the userid to the second site. But this is very inconvenient, of course.

So, if any of Live ID SDK writter is reading this, do you know how to fix this





Re: Basic Live ID question

Josh Brown - MSFT

Using Web Authentication will not allow single sign in across multiple sites. The token you receive from the login server is specific to the site.





Re: Basic Live ID question

Alex Media

But then the iframe should display a 'Sign In'-link, even when you're already signed in on a different site...



Re: Basic Live ID question

Josh Brown - MSFT

I have investigated and have not been able to reproduce the problem you describe. You may have incorrectly specified the same AppID for both sites Please post your code and links to the sites in question if you are still having the problem.

Thanks,






Re: Basic Live ID question

Navindra

Hi Alex,

You are correct. Are you sure that this is not the case currently If you look at the source code for the iframe you should see that it uses the application ID and some cookie checks to determine whether you are logged in or not.

Incidentally, to answer your other question about using iframes, in the final release it will be optional (though perhaps not recommended) and you will be able to construct your own Sign in/out links.

Thanks.





Re: Basic Live ID question

Alex Media

I haven't seen the sourcecode of that <iframe>, I merely tried to explain what happened according to the post made by the topic starter Stick out tongue