AZURE ACS - Windows Live ID - How to get the email address and authenticated user name?

Here is the scenario:

Launching MVC 3 application in AZURE Dev environment.

Authentication in AZURE ACS is implemented as here: http://msdn.microsoft.com/en-us/library/hh127794.aspx

I'm trying to get the username and email address, but I can't find a way to configure the "claim rule" in such a way as to get a clear text value; instead I get a string that seems to be encrypted. Can I customize a rule to get it in clear text? Or can I decrypt the return value? Is this possible, or am I looking at the wrong thing here?

thanks

+6
7 answers

IIRC, it is against the Windows Live privacy policy to release a username or email address as a claim (unlike Gmail or Yahoo!). Therefore, it is not possible to get these claims from Live (unless you are Microsoft).

The only value you can get is called the name identifier. It is unique to the RP domain (i.e., it is not the only value for LiveID, but differs by domain). This is also intentional, so you cannot use different websites to track the user. Typically, you will get a name identifier (called a PUID), and then put it in your database somewhere so you know that you saw it before. Then the user logs in on your side with a name, email address, etc., and you map this to the PUID.

On the other hand, LiveId also supports OAuth2, so you can get any user profile information that you need from the user (with his/her consent). See here.

+10
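The mapping this answer describes (store the name identifier, then attach the name and email the user gives you), as an added example that is not part of the original answer or of any ACS sample. It assumes the claims have already been read from the validated ACS token as type/value pairs; `ProfileStore`, `LocalProfile` and the sample claim values are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Claim type URIs found in tokens that ACS issues to the relying party.
static class AcsClaims
{
    public const string NameId = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier";
    public const string Provider = "http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider";
    public const string Email = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress";
}

class LocalProfile
{
    public string Email { get; set; }   // null until a provider or the user supplies it
    public bool NeedsRegistration { get { return string.IsNullOrEmpty(Email); } }
}

// Hypothetical in-memory store; a real site would use a table with a
// unique index on (identity provider, name identifier).
class ProfileStore
{
    private readonly Dictionary<Tuple<string, string>, LocalProfile> profiles =
        new Dictionary<Tuple<string, string>, LocalProfile>();

    public LocalProfile SignIn(IEnumerable<KeyValuePair<string, string>> claims)
    {
        var list = claims.ToList();
        string provider = Find(list, AcsClaims.Provider);
        string nameId = Find(list, AcsClaims.NameId);
        if (provider == null || nameId == null)
            throw new InvalidOperationException("Token lacks identityprovider or nameidentifier claim.");

        // Key on the pair: the name identifier is only meaningful per provider.
        var key = Tuple.Create(provider, nameId);
        LocalProfile profile;
        if (!profiles.TryGetValue(key, out profile))
        {
            // Live ID sends no email claim, so the profile starts incomplete
            // and the site must ask the user to register their details.
            profile = new LocalProfile { Email = Find(list, AcsClaims.Email) };
            profiles[key] = profile;
        }
        return profile;
    }

    private static string Find(List<KeyValuePair<string, string>> claims, string type)
    {
        return claims.Where(c => c.Key == type).Select(c => c.Value).FirstOrDefault();
    }
}
```

Calling `SignIn` with a constructed Live ID token (an `identityprovider` value such as `uri:WindowsLiveID` plus a `nameidentifier`) returns a profile with `NeedsRegistration` set; after the registration form fills in `Email`, later sign-ins with the same pair return the completed profile.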

This is a generic #FAIL from Microsoft. Users, when entering your site using Google or other providers, must first accept them. Then they simply transmit the basic information to the site, the site uses it, and everyone is happy.

By the way, you can get it from the user with the code page entries, but it is not easy for the user, it requires a manual process, but nevertheless, the LiveID system is not more secure for this, it is simply broken.

+8

Possibly, but a bit of code is required for custom sts:

https://gist.github.com/1867792

The code is not built, and the dependencies are not included ... but it is largely based on the thinktecture early start site ported to MVC4 with the changes shown above.

+1

This blog discusses creating your own custom Windows STS provider and then including it as a trusted identity provider in SharePoint.

http://blogs.technet.com/b/speschka/archive/2012/03/01/finally-a-useful-way-to-federate-with-windows-live-and-sharepoint-2010-using-oauth-and-saml.aspx

Unfortunately, it seems that the Azure team simply does not understand that people might want to get something useful from the live id window.

You can also remove the Windows live window as an option to log in by clicking on it in the identity providers, and then canceling the connection check with your relying party.

(Really strange that you cannot delete it = P)

0

There are several methods for querying Live servers to obtain additional information about authenticated users (provided, of course, that they have consented). You can do some simple setup on your site using some client-side JavaScript to get the information as shown in the example here: http://msdn.microsoft.com/en-us/library/live/hh826534.aspx.

It is also possible, although a little more active, to request Live servers from their server-side code. The sample application described at http://dominicbetts.imtqy.com/waad-acs-sample/index.html shows one possible approach in an MVC4 application.

0

There seems to be a way a little confusing, but by becoming a broker and using the direct connect API, you can achieve this functionality.

Please see: http://code.msdn.microsoft.com/windowsazure/Get-Azure-ACS-work-40d588cc#content

0

It's possible with the iframe trick.

<iframe src="https://login.live.com/login.srf?wa=wsignout1.0" frameborder="0"></iframe> 

It will not redirect you to the MSN page.

-1

Source: https://habr.com/ru/post/899941/

