Getting Your Application ID for Delegated Authentication

Windows Live

To implement Windows Live ID Delegated Authentication, you must register your Web site with Microsoft^® as an application and receive an application ID for use with the service.

Only a person who has a valid Windows Live ID can register an application and receive an application ID. After you have registered your application, it can access information from other Windows Live ID services. You can sign in and change your application's registration settings at any time.

 Registering Your Application

The Windows Live ID Application Center assists you with the registration process, issues your application ID to you, and provides a place where you can continue to manage all the applications you register.

Important:
When you register an application, you must supply a domain name in which the application is located. This domain name uniquely identifies your application in Windows Live ID, so multiple applications cannot share the same domain name.

About Your Secret Key

As part of registering your application, you must create a secret key. Windows Live ID uses this key to encrypt and sign all tokens that it sends to your site. It is strongly recommended that you employ strong security measures to protect this key. The following links offer ways in which to implement these security measures:

• "How To: Encrypt Configuration Sections in ASP.NET 2.0 Using RSA" at http://msdn2.microsoft.com/en-us/library/ms998283.aspx details the use of the RSA Protected Configuration Provider for web.config files. However, the basic techniques may apply to scenarios other than web.config file management.
  
• "How To: Encrypt Configuration Sections in ASP.NET 2.0 Using DPAPI" at http://msdn2.microsoft.com/en-us/library/ms998280.aspx discusses how to use the Microsoft Windows^® Data Protection API (DPAPI) for machine-level or user-level storage.
  

Getting Your Application ID

Follow these steps to register your application and get your application ID:

1. Go to the Windows Live ID Application Center (https://msm.live.com/app/default.aspx).
   
   
2. Click Register an Application.
   
3. Sign in by supplying valid Windows Live ID credentials. (Your Windows Live ID identifies you as the owner of the applications you register.) The following page appears.
   
   
4. Provide the information described in the following table.
   

   Item	Description
   Application Name	A unique and friendly name that you use to refer to your application. We recommend specifying a human-readable name. Important: The application name you specify should contain only alphanumeric characters. It cannot be changed after registration is complete.
   Return URL	The URL of the page on your Web site to which the Windows Live ID consent service redirects users (along with the consent token) after they have completed the consent-request process. You must create a page on your site corresponding to the return URL, to handle the response from the consent service and receive the consent token. You can change the return URL later when you extend and adapt the sample code to your Web site. Important: If your return URL or other site pages use Secure Sockets Layer (SSL), use "https" in the src attribute for the sign-in link. The return URL must be a fully qualified Domain Name System (DNS) URL pointing to a page on your Web site, and it must not contain IP addresses or query-string parameters.
   Domain Name	The fully-qualified Domain Name System (DNS) name of your application. Important: The domain name uniquely identifies your application in Windows Live ID, so multiple applications cannot share the same domain name. The domain name must be a fully qualified Domain Name System (DNS) name and must not contain IP addresses or query-string parameters.
   Secret Key	A shared secret between you and Windows Live ID. Windows Live ID uses this key to encrypt and sign all tokens that it sends to your site. Choose a secret key that is difficult to guess, and create security procedures to manage this key. The secret key must meet the following minimum requirements: The secret key must be between 16 and 64 characters in length. The secret key cannot contain any of the following characters:< > % ; Although not required, we strongly recommend that the secret key also: Be case sensitive Use three of the following four types of characters: Uppercase letters (A, B, C…) Lowercase letters (a, b, c…) Numerals (1, 2, 3…) Special characters (` ~ ! @ # $ ^ & * ( ) _ + - = { } | [ ] \ : " ' ? , . /) Not contain any of the following: Common words or names, or close variations Spaces or non-English characters Any portion of your e-mail address Any portion of your secret question or answer
   Application verifier required	Indicates whether an application verifier token must be included in the consent request URL whenever the application requests consent. If this flag is set to 0, an application verifier is not required and "anonymous" consent requests are permitted; if it is set to 1, an application verifier must be included in consent requests from this application. Setting this value to 1 is recommended because an application verifier token enables registered applications to identify themselves to Windows Live ID and to the resource provider. For more information about the application verifier token, see its definition in Glossary for Delegated Authentication.

5. Type the characters you see in the picture, and then select the View the Windows Live ID terms of use check box.
   
6. Click Submit. After registration is complete, your application ID is displayed.
   

   Note:
   The application ID is a 16-character string that represents your application. Record this string for later use.

Registration is finished! You can now begin implementing Delegated Authentication.

Whenever you want to retrieve your application data, return to the Windows Live ID Application Center and click Manage My Applications. Sign in with the Windows Live ID account that you used during registration to see and manage your applications.