Windows CardSpace: FAQ for ASP.NET Developers

A few frequently asked questions for ASP.NET developers:

  1. The Identity Selector dialog box is displayed only for SSL-protected pages. Therefore you are required to deploy your application on a Web server and install an SSL certificate.
  2. Windows CardSpace does not work with self-signed certificates and will die horribly. These certificates do not have a CRL field, which contains a URL that CardSpace checks for the revocation list.
  3. For ASP.NET developers there is a Toolbox control written by Christian Arnold. Add this to your Toolbox and you won’t need to write a single line of code. Watch demo.
  4. When you use CardSpaceLogin controls, you must run the application over SSL. The application pool also needs to run under the Local System identity; otherwise the w3wp.exe process will not be able to retrieve the server’s private key. In that case you may end up with an error stating "Keyset does not exist". Note: This is not advisable if the application pool is shared with other Web applications. [Edited: Refer to Barry Dorrans’ comment for more details.]
  5. When using Information Cards, there is no such thing as a password.
  6. CardSpaceLogin controls are integrated with your identity providers, such as Forms Authentication. For example, if you use an Information Card to register a user, their details are reflected in the identity source.
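
For point 4, the alternative raised in the first comment below (leave the pool on Network Service or a custom account and grant it read access to the certificate's private key) can be scripted. The PowerShell below is an added example, not code from this post or from the commenter's blog; the thumbprint placeholder, the account name, and the assumption that the certificate sits in LocalMachine\My with a CSP-stored RSA key under ProgramData are all assumptions.

```powershell
# Added example: let the application pool identity read the SSL certificate's
# private key, so the pool does not have to run as LocalSystem.
# Assumptions: elevated prompt; certificate in LocalMachine\My; RSA key held by
# a CryptoAPI (CSP) provider, i.e. stored as a file under MachineKeys.

$thumbprint = '<CERT-THUMBPRINT>'              # placeholder: your certificate's thumbprint
$account    = 'NT AUTHORITY\NETWORK SERVICE'   # assumed pool identity; use your custom account if any

$cert = Get-Item -Path "Cert:\LocalMachine\My\$thumbprint" -ErrorAction Stop
if (-not $cert.HasPrivateKey) {
    throw "Certificate $thumbprint has no private key on this machine."
}

# Resolve the key container file that backs the private key.
$keyName = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
if ([string]::IsNullOrEmpty($keyName)) {
    throw "No CSP key container found; the key may be CNG-stored and is kept elsewhere."
}
$keyPath = Join-Path $env:ProgramData "Microsoft\Crypto\RSA\MachineKeys\$keyName"
if (-not (Test-Path -Path $keyPath -PathType Leaf)) {
    throw "Key file not found at $keyPath."
}

# Add a read-only allow rule for the pool identity; existing rules are kept.
$acl  = Get-Acl -Path $keyPath
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($account, 'Read', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -Path $keyPath -AclObject $acl

# Show the resulting entry so the grant can be confirmed (Read only, not FullControl).
(Get-Acl -Path $keyPath).Access |
    Where-Object { $_.IdentityReference.Value -eq $account } |
    Format-Table IdentityReference, FileSystemRights, AccessControlType
```

Recycle the application pool afterwards so w3wp.exe reopens the key under the new ACL.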

3 thoughts on “Windows CardSpace: FAQ for ASP.NET Developers”

  1. barryd

    On point 4; no. Never ever do this. ASP.NET is not run as LocalSystem for very good reasons, it’s as high in the security context as you can get, and should IIS be compromised your entire machine is then wide open.

    Instead run your process as normal (Network Service or a custom account) and grant read access to the SSL certificate instead.

    I’ve put together the steps you need to take on my blog this afternoon;

  2. kapil

    I am making a website for our school. Sir, please tell me how to provide the facility to download an application form. I mean, how to create a download option in 2.0 with C#.

  3. ds r4

    Thanks for the information and the links. I was facing a problem with SSL certification with the Hotmail server for address-book retrieval. This post gave me some helpful ideas.
