Francisco Merizalde


Can anyone point me to a code sample using Windows Live ID for Authentication into a Sharepoint 2007 site

Thanks,

Francisco




Re: SharePoint Authentication with Windows Live ID

ChgoChad


I agree, seems like a pretty natural progression to add the ability to integrade with existing MS products.

While in the WSS 3.0 and MOSS 2007 there have been a number of improvements in the way you can incorporate authentication, if you want to use the Windows Forms method you'll have some development work to do. The basic logon page is there; but that's all...user sign-up, password change handling, etc. isn't included. It would be nice if Live ID was an option and if it could be easily implemented and ready for my end-users. In my instance we have a small user base in Sharepoint and we're spread out across multiple offices.






Re: SharePoint Authentication with Windows Live ID

Frodeste

Hi

I think this kind of integration should be a part of the standard functionality of MOSS/WSS.

We have started investigating this, but are reluctant to spend money on development because we do not know if such functionality will become publicly available.

  • Does MS care to comment on this
  • Is anyone else interesset in co-development of this feature If so, drop me a few lines on this forum

F.






Re: SharePoint Authentication with Windows Live ID

_Chris_R

I am in the same boat as others on this post. I am trying to integrate Windows Live ID into SharePoint.

My initial thought is that Live ID will do the authentication and passback that this is indeed the right person, but then I would still need to do the actually handshaking the user to the sharepoint site. (So my line of thought is a hybrid FBA solution with LIve ID to tell me if the user is who they really are).

- Chris






Re: SharePoint Authentication with Windows Live ID

Leif Sunesson

I'm not a devloper but I guess info on this page will help you on the way: http://msdn2.microsoft.com/en-us/library/f8e50t0f.aspx

and
http://msdn2.microsoft.com/en-us/library/bb264574.aspx





Re: SharePoint Authentication with Windows Live ID

Scott Stabbert

Hello all,

With the launch of Windows Live ID 4.5 service in January, 2007, we now support logging into SharePoint 2007 with a Windows Live ID via Active Directory Federation Services (AD FS, formerly ADFS) with some limitations.

AD FS allows credentials compatible with WS-Federation Passive Requestor Profile such as Windows Live ID to be mapped to an AD account. SharePoint then uses the mapped AD account to authorize activities. There are current limitations however when using this model, specifically with the Office based SharePoint editing tools. I don't have the specifics yet, but am working to put together a short 1-pager describing how to setup and what the exact nature of the limitations are.

Additionally, the SharePoint and AD FS teams here at Microsoft are working on the outstanding issues to allow Windows Live ID to be more naturally integrated and fully supported with SharePoint. As those investigations are just starting, I don't have a timeline on that.

Josh or I will post back with a follow up in the next week with more information on this topic. Thanks for asking!

Scott Stabbert

Windows Live ID





Re: SharePoint Authentication with Windows Live ID

Francisco Merizalde

Scott,

Can you point me to a sample I could use with the functionality available today

Regards,

Francisco





Re: SharePoint Authentication with Windows Live ID

Scott Stabbert

Your first link (http://msdn2.microsoft.com/en-us/library/f8e50t0f.aspx) is actually about the legacy .NET Framework's integration with the older Passport service and the Passport Manager object. The Passport Manager object is no longer supported, and hence, the cooresponding PassportIdentity object and the Passport Authentication Provider (a HTTPModule) cannot be used.





Re: SharePoint Authentication with Windows Live ID

Scott Stabbert

I'm gather information now and will post a summary of how to progress within the week.
Check back early next week.




Re: SharePoint Authentication with Windows Live ID

_Chris_R

I have been doing some more looking into my previous thoughts on how to do this. Basically this is my approach on using Passport with Windows Live ID.

1) Enable Forms Base Authentication for the Site.
2) Change the web.config file for the login page to point to my login page for Windows Live Id.
3) The user will sign into Windows Live Id. I will get back the UID from Windows Live Id.
4) I will take the UID and pull the login from the FBA database.
5) Next I will use FormsAuthentication.SetAuthCookie(username, rememberMe) to login the user to the site and redirect them to the page they requested.

I have tested pieces of this and have not fully implemented it. This is just another way of using Windows Live ID.

Using AD FS and the requirement of every Windows Live Id having a AD Account is interesting, but may not be usefully when a site is going to expect 10,000 users that are not within the domain already. Because the solution will require code to create a user account to the domain via unmanaged code (just another technology to figure out and adds more scope to a project).

I am hoping posting this response will shed some light on how to proceed forward. Eventually I will document whole process when I have it working!





Re: SharePoint Authentication with Windows Live ID

Scott Stabbert

Here is what I can gather is the current story with regard to Sharepoint using Windows Live ID authentication.

There are several issues, mostly around the Office clients and their components which are tightly interated with SharePoint.

  • If Authentication cookies are session cookies, they are not shared between IE processes. When separate IE process are kicked off to do activities such as edit the site, the authentication cookie will not be present for the new process (http://support.microsoft.com/default.aspx/kb/912492)
  • Some office clients, when used for editing SharePoint pages, doní»t reliably follow 302s
  • Some office clients perform an unauthenticated HTTP POST that the AD FS Web Agent cannot handle
  • Office clients do not understand or execute the javascript that AD FS uses for returning tokens
  • Office clients cannot display HTML UI that AD FS uses for home realm discovery

We have efforts underway to make ADFS work more seamlessly with web based components such as Office and Sharepoint. The issues and resolutions are under investigation.

Scott





Re: SharePoint Authentication with Windows Live ID

McMason

Is there any update to this Scott I know that for pure forms authenticatio a number of these issues can be worked around. There seems little point doing LiveID/ADFS with MOSS for team sites if it will break office client applications...





Re: SharePoint Authentication with Windows Live ID

MatthewRoche

I too am very interested in an update on this issue. If Scott or another member of the product group could please comment, it would be very much appreciated.






Re: SharePoint Authentication with Windows Live ID

Leif Sunesson

I found this projekt http://www.codeplex.com/Release/ProjectReleases.aspx ProjectName=CKS&ReleaseId=7746

with open source that might have fixed this issue.

have not tried it myself yet so feedback from user would be appreciated