In yesterday’s episode we very briefly touched on the identity and authentication part of the demo, where the attendee registers on the self-service site using Windows Live ID. In this episode we go a lot deeper.
Identity and authentication are hard. Simple, scalable and secure login capabilities require a great deal of experience to build and a great deal of effort to maintain and keep running. Windows Live ID provides you with a proven solution for building identity-aware applications and is used today by over 460 million users.
In our case, since we’ve integrated Live ID into the system, we let Microsoft manage all the details related to identity and authentication. Live ID assigns each of our users a token that is specific to our site. That means Microsoft lets us know that the person coming to the site is the same person that registered. That token is unique to our site, so from the perspective of the user their privacy is protected (e.g. they cannot be tracked across multiple web sites). In fact, the token is the only thing the site will see. So even though the user may use an email address and password to log in to Live ID, the site never sees them unless the user explicitly provides that information (as in our example, by typing it into a profile page).
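The per-site token property described above, as an added example that is not from the original post or from Windows Live ID. The page does not say how Live ID derives its tokens, so this assumes a hypothetical provider that computes HMAC-SHA256 over the site ID and account under a provider-only key; `site_token`, `AttendeeStore`, the key and the site names are all constructed for illustration.

```python
import hashlib
import hmac

# Constructed values for illustration only; not real Live ID keys or site IDs.
PROVIDER_KEY = b"constructed-provider-master-key"


def site_token(provider_key: bytes, site_id: str, account: str) -> str:
    """Derive the opaque identifier a given site sees for a given account.

    Assumed construction: HMAC-SHA256 over (site_id, account) under a key only
    the identity provider holds. Length-prefixing site_id keeps the two fields
    from being ambiguous when concatenated.
    """
    site = site_id.encode()
    msg = len(site).to_bytes(2, "big") + site + account.lower().encode()
    return hmac.new(provider_key, msg, hashlib.sha256).hexdigest()


class AttendeeStore:
    """Relying-site side: records are keyed on the token, never on the email."""

    def __init__(self) -> None:
        self._by_token: dict[str, dict] = {}

    def register(self, token: str, profile: dict) -> None:
        if token in self._by_token:
            raise ValueError("token already registered")
        self._by_token[token] = dict(profile)

    def lookup(self, token: str):
        return self._by_token.get(token)


def demo() -> dict:
    account = "attendee@example.com"  # known to the provider only
    first = site_token(PROVIDER_KEY, "conference-site", account)
    again = site_token(PROVIDER_KEY, "conference-site", account)
    other = site_token(PROVIDER_KEY, "unrelated-site", account)

    store = AttendeeStore()
    store.register(first, {"display_name": "Sample Attendee"})
    return {
        "returning_user_recognised": store.lookup(again) is not None,
        "tokens_linkable_across_sites": hmac.compare_digest(first, other),
        "email_in_token": account in first,
    }
```

Because the site stores only the token, a leak of its attendee table exposes no Live ID credentials and no identifier that another site could match against its own records.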
The simplicity of this is just amazing. As a developer I just have to register my site with Windows Live ID and then redirect my users to the Live ID login page whenever I need them to be authenticated. Live ID handles the authentication and then redirects back to a page that I’ve registered. You can even brand the Windows Live ID login page that your users will see so that it will appear as if it is your own login page. Nice!
While Windows Live ID does a great job of helping me as a conference organizer to identify and authenticate my conference attendees, we also need to authenticate the Windows Azure site to the Dynamics CRM site so that they can exchange information. We’re obviously not going to have CRM licenses for all our self-service users (the thousands of conference attendees in this case) so we use a certificate on the Windows Azure site to ensure that only that site has access to the CRM data. Once the certificate is on my Azure site, we use a Live ID service account to handle the authentication between the two servers.
Watch in the embedded viewer above or on Channel 9: