Tuesday, February 5, 2008

Integrating LiveID authentication with MOSS

Integrating Windows Live ID (formerly known as Passport) authentication into SharePoint extends the SharePoint user base to include some of the 350+ million users around the world with active Windows Live IDs. It enables an administrator to add Windows Live ID users to a SharePoint site.
With Windows Live ID Web Authentication, you can use the Windows Live ID service to verify the identity of visitors to your site, so that you can offer personalized access to your site's content to the millions of registered Windows Live ID users. Windows Live ID provides you with a unique, site-specific identifier for each Windows Live user who signs in to your site. Web Authentication also enables you to incorporate Windows Live controls into your site.
Web Authentication works by sending your users to the Windows Live ID sign-in page by means of a specially formatted link. The service then directs them back to your Web site along with a unique, site-specific identifier that you can use to manage personalized content, assign user rights, and perform other tasks for the authenticated user. Sign-in and account management are performed by Windows Live ID, so you don't have to implement these details yourself. Windows Live ID profile data is not shared with your site.
MOSS offers excellent security integration with Active Directory – but what if you don’t want to create AD accounts for SharePoint users? Enter custom authentication providers. MOSS enables developers to leverage the pluggable membership provider mechanism of ASP.NET to give SharePoint access to accounts that are not managed by Active Directory.

The login procedure is as follows:

Click on Sign In:
The Membership and Role providers are linked into the SharePoint Forms Based Authentication (FBA) architecture. This means that the Sign In and Sign Out mechanisms are integrated right into SharePoint automagically.


Get Redirected To Live's Login Site:
When you click the Sign In link you are redirected to the Windows Live ID login site. This site validates the user's credentials, either by requiring them to log in with their Live ID credentials or by validating that they already have an active Windows Live session.


Get Redirected Back to SharePoint:
Once the Windows Live session is validated, the Live login system redirects you back to SharePoint. The Windows Live system requires an Application Administrator to register a single return URL per application ID, to which users are sent once they have been validated. The Windows Live response carries a signed authentication token that the SharePoint server verifies and then uses to identify the user by their unique user token. This token is unique to each application that is registered with the Windows Live system: if I register one application for contoso.com and another for litware.contoso.com, I will get different IDs for the same Windows Live ID on each system. These unique user tokens only tell the SharePoint server that Windows Live has authenticated this user. They do not provide access to the associated Windows Live email address, or really any other information about the user.

User Token Is Processed:
When the Windows Live system responds to SharePoint, the user token is checked against the profile store. In the case of what I have written, I decided to test Microsoft's statement that, with the performance tweaking abilities added to SharePoint, you can technically use a SharePoint list instead of a SQL table for simple applications. I have set the user token and email columns of the profile list as indexed to help with searching against them. If this user token is new, the user is prompted to enter profile details such as display name, email address, etc. This is done to help with adding users to SharePoint sites: remembering a long user token is difficult, whereas typing in an email address is much easier. The profile store itself is not accessible unless you have specific access to the list, so the data is protected.

Returned To The Sign In Page:
Once either the new user has submitted an email address or the pre-existing user check is completed, you are redirected back into the SharePoint page you initially signed in from.
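The whole round trip above (sign-in redirect, signed token returned to the registered URL, verification with the application's secret, site-specific user ID, profile-store lookup with a first-time profile prompt) modelled end to end, as an added example that is not part of the original post and not the SharePoint provider code. The token layout, the application secret, the pairwise ID derivation and the `IdentityProvider` / `SharePointSite` classes are constructed assumptions for illustration; the real Windows Live ID SDK token format is not reproduced here.

```python
from __future__ import annotations
import base64, hashlib, hmac, json, secrets
from typing import Optional

# Assumed token format (constructed, not the Live ID SDK format):
#   urlsafe_b64(json_claims) + "." + urlsafe_b64(HMAC-SHA256(app_secret, json_claims))

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class IdentityProvider:
    """Stand-in for the Windows Live ID sign-in service (constructed)."""

    def __init__(self) -> None:
        self._apps: dict[str, tuple[bytes, str]] = {}  # app_id -> (secret, return URL)
        self._pairwise_salt = secrets.token_bytes(32)  # known only to the provider

    def register_app(self, app_id: str, return_url: str) -> bytes:
        """One return URL per application ID; the app gets a shared secret back."""
        secret = secrets.token_bytes(32)
        self._apps[app_id] = (secret, return_url)
        return secret

    def site_specific_uid(self, account: str, app_id: str) -> str:
        # The ID is bound to the app, so contoso.com and litware.contoso.com
        # receive different IDs for the same Live ID account.
        msg = f"{app_id}|{account}".encode()
        return hmac.new(self._pairwise_salt, msg, hashlib.sha256).hexdigest()[:32]

    def sign_in(self, account: str, app_id: str) -> tuple[str, str]:
        """After the user authenticates here, return (return_url, signed token)."""
        secret, return_url = self._apps[app_id]
        claims = {"appid": app_id, "uid": self.site_specific_uid(account, app_id)}
        body = json.dumps(claims, sort_keys=True).encode()
        sig = hmac.new(secret, body, hashlib.sha256).digest()
        return return_url, f"{_b64(body)}.{_b64(sig)}"


class SharePointSite:
    """Stand-in for the SharePoint side: verifies tokens, keeps a profile list."""

    def __init__(self, app_id: str, secret: bytes) -> None:
        self.app_id, self._secret = app_id, secret
        self.profiles: dict[str, dict] = {}  # uid -> {display_name, email}

    def verify_token(self, token: str) -> Optional[str]:
        """Return the site-specific uid if the token is authentic for this app."""
        try:
            body_b64, sig_b64 = token.split(".")
            body, sig = _unb64(body_b64), _unb64(sig_b64)
            expected = hmac.new(self._secret, body, hashlib.sha256).digest()
            if not hmac.compare_digest(sig, expected):  # constant-time compare
                return None
            claims = json.loads(body)
        except ValueError:  # malformed structure, bad base64 or bad JSON
            return None
        if claims.get("appid") != self.app_id:  # minted for another registered app
            return None
        return claims.get("uid")

    def process_user_token(self, token: str) -> dict:
        uid = self.verify_token(token)
        if uid is None:
            return {"status": "rejected"}
        if uid in self.profiles:
            return {"status": "signed_in", "uid": uid, **self.profiles[uid]}
        return {"status": "profile_required", "uid": uid}  # first visit: prompt

    def complete_profile(self, uid: str, display_name: str, email: str) -> None:
        self.profiles[uid] = {"display_name": display_name, "email": email}


def demo() -> dict:
    """Run the flow with constructed apps and one constructed account."""
    live = IdentityProvider()
    contoso = SharePointSite("contoso.com", live.register_app(
        "contoso.com", "https://contoso.com/_layouts/liveid-return"))
    litware = SharePointSite("litware.contoso.com", live.register_app(
        "litware.contoso.com", "https://litware.contoso.com/_layouts/liveid-return"))

    url, token = live.sign_in("alice@example.com", "contoso.com")
    first = contoso.process_user_token(token)  # unknown uid -> profile prompt
    contoso.complete_profile(first["uid"], "Alice", "alice@example.com")
    second = contoso.process_user_token(token)  # now resolved from the profile list

    _, lit_token = live.sign_in("alice@example.com", "litware.contoso.com")
    forged_body = _b64(json.dumps({"appid": "contoso.com", "uid": "0" * 32}, sort_keys=True).encode())
    return {
        "return_url": url, "first": first, "second": second,
        "litware": litware.process_user_token(lit_token),
        "cross_app": contoso.process_user_token(lit_token),  # wrong app -> rejected
        "tampered": contoso.process_user_token(forged_body + "." + token.split(".")[1]),
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The two rejection cases at the end are the checks a relying party cannot skip: a token minted for litware.contoso.com must not sign a user into contoso.com even though the provider is the same, and a token whose claims were altered after signing must fail the HMAC check before any of its contents are trusted.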