Lab 13: Web Authentication
Details
Aim: To investigate the usage of OpenID and SAML for Web authentication.
Activities
L13.1 Go to:
[Link]
and create your new OpenID account. Next find some Web sites to login with
using your new account.
Write down your OpenID account, and try to find a few sites which support
OpenID and log into them.
L13.2 Using the following code:
[Link]
Add a new page called [Link], and then add the highlighted code in the
[Link] page:
protected void Page_Load(object sender, EventArgs e)
{
OpenIdData data = [Link]();
if ([Link])
{
[Link]("[Link]");
}
}
protected void Button1_Click(object sender, EventArgs e)
{
bool success = [Link]([Link], "email,fullname",
"country,language");
}
}
Prove that you can login with your OpenID identity.
1
�L13.3 Run the WINDOWS2003 VM image and Download the following to the
c:\inetpub\wwwroot\test folder:
[Link]
L13.4 Go into the IIS Manager and right click on the test folder (Figure L13.1), and set
it up with an Application Name (Figure L13.2).
Figure L13.1: IIS Manager
2
�Figure L13.2: test Properties
L13.5 Next run Visual Studio 2008, and select Open Web site and navigate to
c:\inetput\wwwroot\test.
L13.6 Next select [Link], and add the following code:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"[Link]
<html xmlns="[Link] >
<head>
<title>Sample 1</title>
</head>
<body>
<form id="form1" method="post" action="cardspace1_login.aspx">
<div>
<button type="submit">Click here to sign in with your Information Card</button>
<object type="application/x-informationcard" name="xmlToken">
<param name="tokenType" value="urn:oasis:names:tc:SAML:1.0:assertion" />
<param name="requiredClaims"
value="[Link]
[Link]
[Link]
[Link] />
</object>
</div>
</form>
</body>
</html>
L13.7 Next select cardspace1_login.[Link], and add the highlighted code:
protected void Page_Load(object sender, EventArgs e)
{
[Link] = [Link]["xmlToken"];
}
3
�L13.8 Next load [Link] and select the first example ([Link]). Select
your card (or create one), and login, such as:
L13.9 Next login remotely from your desktop into the virtual image, such as with:
L13.10 Next select [Link], and add the following code:.
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"[Link]
<html xmlns="[Link] >
<head>
<title>Authenticate</title>
<object type="application/x-informationcard" name="_xmlToken">
<param name="tokenType" value="urn:oasis:names:tc:SAML:1.0:assertion" />
<param name="requiredClaims"
value="[Link]
[Link]
[Link]
[Link] />
4
�</object>
<script language="javascript">
function GoGetIt()
{
var xmltkn=[Link]("_xmltoken");
var thetextarea = [Link]("xmltoken");
[Link] = [Link] ;
}
</script>
</head>
<body>
<form id="form1" method="post" action="cardspace2_login.aspx">
<div>
<button name="go" id="go" onclick="javascript:GoGetIt();">Click here to get the to-
ken.</button>
<button type="submit">Click here to send the card to the server</button>
<textarea cols=100 rows=20 id="xmltoken" name="xmlToken" ></textarea>
</div>
</form>
</body>
</html>
L13.11 Next select cardspace2_login.[Link], and add the highlighted code:
protected void Page_Load(object sender, EventArgs e)
{
string xmlToken;
xmlToken = [Link]["xmlToken"];
if (xmlToken == null || [Link](""))
{
// ShowError("Token presented was null");
}
else
{
Token token = new Token(xmlToken);
[Link] = [Link][[Link]];
[Link] = [Link][[Link]];
[Link] = [Link][[Link]];
[Link] = [Link];
}
}
Next show that the Web site now displays the details from the card, such as:
L13.12 Export the card you have created, and view its contents. Now import it into
WINDOWS2003.
5
�Toolkit 7 (URL cache)
On-line demo:
[Link]
The objective of this series of labs is to build an integrated toolkit. Open up:
[Link]
and extract to a local folder. Next open up [Link], and double click on [Link]
(Refer to [Link] for a completed version).
7.1 Add a new tab named [OS], and add another tab into this tab (see Figure 7.3).
Next add two DateTimePickers (dtStart and dtEnd), two buttons, and two
datagridviews (dgURLCache and dgFileCache). Add the following code on the
Show History button:
Showhistory();
And the method:
using UrlHistoryLibrary;
public void Showhistory()
{
[Link]();
[Link]();
urlHistory = new UrlHistoryWrapperClass();
enumerator = [Link]();
list = new ArrayList();
GetHistoryItems();
[Link]();
if ([Link] != "")
{
[Link]([Link],
STATURLFLAGS.STATURLFLAG_ISTOPLEVEL);
}
foreach (STATURL u in list)
{
string[] url = new string[2];
url[0] = [Link]([Link]);
url[1] = [Link];
STATURL u1 = (STATURL)list[0];
if ([Link] >= [Link] && [Link] <= [Link])
{
u1 = (STATURL)list[[Link] - 1];
if (url[1].StartsWith("http")) [Link](url);
else if (url[1].StartsWith("file"))
[Link](url);
}
}
[Link]();
6
�7.2 Test that the program can view the URL history. Next add the following code
to the Clear URL History button:
DialogResult rtn=[Link]("Are you sure you want to delete all your
URL history?","URL History",[Link]);
if (rtn == [Link])
[Link]();
Figure 7.3
7.3 Test the program for its operation.
7.4 If you have time, investigate the “Special Folders” tab (see Figure 7.3), such as
with the following code:
DirectoryInfo d = new
DirectoryInfo([Link]([Link]));
ShowFiles(dgFilesRecent, [Link]);
public void ShowFiles(DataGridView dg, string folder)
{
try
{
[Link]();
string[] files = [Link](folder);
CreateMessageForStatus(tbFiles, folder);
foreach (string s in files)
{
string filename = s;
FileInfo f = new FileInfo(filename);
7
� string[] s1 = new string[2];
s1[0] = [Link]([Link]);
s1[1] = s;
CreateMessageForStatusAppend(dg, s1);
}
}
catch (Exception ex)
{
}
}
This code allows the user to view the “Recent” special folder. If you get this
code to work, try and view the other “Special folders”.
