Before we get into the details of implementing Windows Live ID Web Authentication on your site, let's take a moment to understand the overall flow of events involved in the authentication process.
Authentication Flow
The following figure illustrates the relationship between the user’s browser, your Web server, and the Windows Live ID authentication service.
Windows Live ID System Architecture.jpg)
The stages of authentication, as shown in the figure, are:
-
User requests a Web page. The user, using a Web browser, visits your Web site for the first time and has not yet signed in by using Windows Live ID.
-
Your site returns a sign-in link. Your site returns a page that displays a special sign-in link in an IFRAME element. For details, see Displaying the Sign-in Link.
-
User clicks the sign-in link.
-
Windows Live ID returns the sign-in page. The Windows Live ID authentication service directs the user to its sign-in page.
-
User supplies credentials. On the Windows Live ID sign-in page, the user types his or her Windows Live ID credentials (e-mail name and password) and submits the form.
-
Windows Live ID authenticates the user. The Windows Live ID authentication server receives the sign-in request and validates the user’s credentials.
-
Windows Live ID redirects the user to your site. If the credentials are valid, the authentication server responds by redirecting the user to your Web site along with a token as a FORM POST parameter. This token is proof that Windows Live ID has verified the user’s identity. Your site can decrypt this token to obtain the user's unique identifier. For details, see Handling the Response from the Service.
-
Your site displays protected or personalized content. After you have obtained the user's unique identifier, you can use it to store or display protected or personalized content. You can also choose to incorporate Windows Live Controls into your site. For details, see Incorporating Windows Live Controls.