Making a CardSpace and certificates work


Yes! I have got my first Hello World scenario with CardSpace working!

Using the “Accepting information cards in your website (in C#)” sample from the CardSpace site as a base, my main problem was I couldn’t get the scripts to run on my Vista machine (but I think it’s because I’m missing a compatibility module somewhere).

So I installed the sample certificates manually and set up a virtual directory on the Default website to use SSL bindings (btw, IIS7 rocks! Everything is laid out so neatly, making configuration a breeze); and as a last requirement I updated my hosts file so that the domains the certificates use point to my local machine. From there all I needed to create was an HTML document which would prompt the user for an Information Card and an ASPX page to display the claim data returned.

Getting certificates installed on my machine was surprisingly easy since I couldn’t find any information on the internet as to how to do it. There’s a lot of theory floating around but not a practical guide to what a developer actually needs to do to make it work on his machine.

As a simple guide, when you are playing with certificates on a dev machine there are 2 certificates you will need to install. There is the actual certificate you’re going to use on the website and a CA (Certification Authority) certificate which acts as the authority which issued the first certificate. To install the certificates open the Microsoft Management Console (Start -> Run -> mmc) and add the Certificates Snap-in. When adding the snap-in make sure it’s set to manage certificates for the Computer Account, local computer.

You’ll need to add the certificate that you’re using for the website to the Personal folder and the CA certificate to the Trusted Root Certification Authorities.

Now for what I think is the most important part: certificates are issued for a specific domain, and to use your certificate you must enter the correct URL in your browser. So that you can point the domain (which might already exist in the outside world) to your localhost, you must update your hosts file (Start -> Run -> notepad c:\windows\system32\drivers\etc\hosts) and add 127.0.0.1 <your domain> and 127.0.0.1 <CA domain>.
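The three manual steps above (website certificate into Personal, CA certificate into Trusted Root Certification Authorities, hosts entries) can also be scripted and then checked. The PowerShell below is an added example, not part of the CardSpace sample or the original post; the file paths, the PFX password and the domain names are placeholders.

```powershell
# Added example. Run from an elevated PowerShell prompt.
# Paths, password and domain names are placeholders (assumptions), not values from the sample.
$SitePfx = 'C:\certs\site.pfx'        # website certificate, including its private key
$PfxPass = 'placeholder-password'
$CaCer   = 'C:\certs\ca.cer'          # certificate of the CA that issued the website certificate
$Domains = @('site.example.test', 'ca.example.test')   # <your domain>, <CA domain>

$ErrorActionPreference = 'Stop'
$x509 = 'System.Security.Cryptography.X509Certificates'

function Add-ToMachineStore($Cert, [string]$StoreName) {
    # Opens a Local Computer store (not the current user's) and adds the certificate.
    $store = New-Object "$x509.X509Store" -ArgumentList $StoreName, 'LocalMachine'
    $store.Open('ReadWrite')
    try { $store.Add($Cert) } finally { $store.Close() }
}

# Step 1: website certificate -> Local Computer\Personal ("My").
# MachineKeySet stores the private key where services such as IIS can reach it.
$site = New-Object "$x509.X509Certificate2" -ArgumentList $SitePfx, $PfxPass, 'MachineKeySet,PersistKeySet'
Add-ToMachineStore $site 'My'

# Step 2: CA certificate -> Local Computer\Trusted Root Certification Authorities ("Root").
$ca = New-Object "$x509.X509Certificate2" -ArgumentList $CaCer
Add-ToMachineStore $ca 'Root'

# Step 3: point the certificate domains at this machine, skipping entries already present.
$hostsFile = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
foreach ($d in $Domains) {
    $pattern = '^\s*127\.0\.0\.1\s+' + [regex]::Escape($d) + '\s*(#.*)?$'
    $present = Select-String -Path $hostsFile -Pattern $pattern -Quiet
    # Leading newline guards against a hosts file whose last line has no line ending.
    if (-not $present) { Add-Content -Path $hostsFile -Value "`r`n127.0.0.1`t$d" }
}

# Check: the chain must build to the newly trusted root and the private key must be present.
$chain = New-Object "$x509.X509Chain" -ArgumentList $true   # $true = machine context
$chain.ChainPolicy.RevocationMode = 'NoCheck'   # assumes the sample CA publishes no reachable CRL
$chainOk = $chain.Build($site)

"Subject        : $($site.Subject)"
"DNS name       : $($site.GetNameInfo('DnsName', $false))   (browse to exactly this name)"
"Has private key: $($site.HasPrivateKey)"
"Chain valid    : $chainOk"
$chain.ChainStatus | ForEach-Object { "  chain issue: $($_.Status) $($_.StatusInformation.Trim())" }
"CA thumbprint  : $($ca.Thumbprint)   (identifies the root to remove when finished)"
```

While the sample CA sits in Trusted Root Certification Authorities, this machine trusts every certificate that CA has issued, so note the printed thumbprint and delete that root and the hosts entries once you are done with the sample.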

That’s certificates in a nutshell. I think this little guide is worthy of a screencast and I will ask our Developer Readiness team if I can use their equipment to build one for public use.

Something to note when you get your first CardSpace sample up and running is that Personal Cards (cards that the user issues to themselves) only support a fixed set of claims, as opposed to Managed Cards (cards issued by an Identity Provider), which allow you to have custom claims (an example being credit card details). I found the list of possible claims at http://identityschemas.org/moin.cgi/CardSpace_Claim_Types.

I still have to actually authenticate users and hide or display data based on whether the user is logged in, so this story isn’t over yet.
