Jorgen Thelin - MSFT


Here's a FAQ topic that I wanted to ensure people were aware of:

The recommended way to incorporating Windows Live ID into your Web site is to insert the sign-in/sign-out link into your page, as described in the SDK documentation, but many people don't realize that link is customizable.

http://msdn2.microsoft.com/en-us/library/bb676638.aspx

The contents of the IFRAME can be customized with the following CSS style attributes in order to help match the look-and-feel of your website.

  • font-family
  • font-weight
  • font-style
  • font-size
  • color
  • background

If your customization requirements go beyond this set of CSS attributes, them please let us know so we can consider future encancements.




Re: Customizing the WebAuth Sign-in link IFRAME

Alex Media


Why is it recommended to use an iframe to display the sign in-link If the end-user can implement Web Auth, he can also find a way to display a sign in/out-link.

The iframe is just a call to the Live ID-server which is completely unnecessary if you ask me. I like to build sites according to standards (HTML 4.01 Strict) and have them validate without errors, using the recommended iframe would invalidate my website (as iframe isn't implemented in HTML 4.01 Strict, see here)






Re: Customizing the WebAuth Sign-in link IFRAME

Jorgen Thelin - MSFT

That's a great question Alex.

The iframe contains a lot of smart code to give the definitive display of the user's Live ID login status, and displays the appropriate Sign-in/-out link based on that status. The only guaranteed correct source of the login status info is the Live ID servers.

I've started to hear from several sites who have got themselves into all sorts of problems by trying to track the login state themselves, and for a variety of reasons getting out of sync with the Live ID status - resulting in unexpected behaviour for their users.

May people probably see the iframe displayed as an innocuous little link and think that it's a simple thing, but there is actually a lot of intelligence behind that page.






Re: Customizing the WebAuth Sign-in link IFRAME

TGriff

This is a little off-topic but, I have posted another thread about the IFrame and the sign-in/-out status in firefox. I'm wondering if there is a problem with the code-behind for the IFrame and detecting the status in Firefox...The sign-in status never changes to sign-out after logging into Windows Live. May you assist me




Re: Customizing the WebAuth Sign-in link IFRAME

William Forney

So why, pray tell, do you not just give us a web service we can call for the status instead of making us use some lame iframe include I'd happily implement a call to the web service to get the status and url of the appropriate login/out link and it wouldn't be any different than what the iframe is doing, except for one crucial thing... It wouldn't need an iframe! AND, it would be WAY more customizable as far as how I display the link. Just a thought.





Re: Customizing the WebAuth Sign-in link IFRAME

Alex Media

If you look through the SDK documentation and samples, you will see that there are methods to give you the correct URL's to the sign in and sign out-pages, you can use those if that better suits your needs. If you want to do that, you will have to implement a check on the user being signed in or not yourself.





Re: Customizing the WebAuth Sign-in link IFRAME

William Forney

Well, that seems rather dumb if you ask me. It's cool that there is a way to get the links but why isn't the status check some kind of web service or something Really, I don't mind the Iframe, but I'd just like the option to tell it to use the passport login graphics instead of text. It is far more recognizable to users that way, and it is a lot cooler looking. I suppose I could work around it with some javascript hacking that looks at the contents of the iframe and replaces it, but that's a pain.




Re: Customizing the WebAuth Sign-in link IFRAME

Alex Media

You can't read and replace the contents of the iframe because the iframe's content comes from a different domain. The only way to get what you want is by doing the sign in/out-links yourself. It's not that hard.

All the iframe does is look up whether your website is in the active sessions-list or not. If it isn't, a sign in-link is shown. If it is, a sign out-link is displayed. If something would go wrong on your website, say... the token gets corrupted, the user would not be signed in, but the iframe will only offer a sign out-link.

That's why I prefer to craft the links yourself and display them based on the status the user has at that moment...