Live Id with ACS vs. Live SDK

Question

In several threads we can read that ACS with Live Id does only support NameIdentifier about the user so the email cannot be retrieved.

However using LiveSDK email can be get.

Why is the difference? What can I do with a simple name identifier in ACS?!

The main point would be to federate the IdP-s, but it just does not work, because I will need to use Live SDK to get the email of the user for Live Id, and ACS (or a custom solutions) for the other providers, facebook, yahoo, etc.

Answer 1

Yes that's really unfortunate.

Still - the nameid can be used to have a stable identifier for the user - so you can "remember" him.

You need to keep a local profile of that user then, but that is most of the time required anyways.

---

Dominick Baier | thinktecture | | @leastprivilege http://www.leastprivilege.com

Answer 2

ACS is all about identity. In Windows Live, the identity is not the email address, but the name identifier. If you just need a way to uniquely identify a user, then it should be enough. If you need more information, such as email, SkyDrive access, etc. you need to use Windows Live SDK. Similarly, ACS does not allow you to upload pictures to Picasa, post messages to Facebook walls, and so on. At the moment, ACS only focuses on identity related features.

---

Please mark the replies as answers if they help or unmark if not. If you have any feedback about my replies, please contact msdnmg@microsoft.com Microsoft One Code Framework

Answer 3

I fully understand the point of ACS now, however I
have some concerns:

From the user's point of view you log in somewhere,
and then you have to register again: give your name/username, e-mail etc. It
does not really simplifies the process.

From developers point of view, for google, facebook,
etc. I can get the info like name or e-mail. I do not need picasa access or
skydrive. I need a name, so I can greet my user, and e-mail so I can send him
an e-mail. (when I need more, I use the custom SDK)

If my user needs to provide these basic info by
himself, and I have to implement a registration form for this, why would I use
ACS for authentication/registration? I mean I could still use the ASP.NET
provided authentication module.

Answer 4

Because you don't want to get into the business of storing (and securing) your user's credentials?

---

Dominick Baier | thinktecture | | @leastprivilege http://www.leastprivilege.com

Answer 5

When I get customer demand it sounds like:

"I want my users to login with facebook, live id and google; this way we don't need a custom registration, we don't bother our users." Then you figure out you need the name and e-mail address of your user, and nothing else.  

And then you think this way: I could use ACS, but when it comes to live id, I am stucked, because I cannot get these info. Other solution: I will need to use three different SDKs for authentication and registration, and it will take a while to implement. So ACS is cool, I would love to use it, but it just not enough.

Answer 6

As i said - that's unfortunate and I also hope that LiveID via ACS will provide that data some day.

But in my experience, you need a local copy of that data (name, email address) anyways. So I ask my users one time if I can't get the data elsewhere from.

So not really a deal breaker. But YMMV.

---

Dominick Baier | thinktecture | | @leastprivilege http://www.leastprivilege.com

Answer 7

Can I use ACS NameIdentifier to create request to LIVE SDK to get additional data of the user?
NameIdentifier is domain dependent, and I guess Live SDK's Uid is app dependent as well. Can these match?

Answer 8

No.

There's a technological gap between ACS and Live Connect. Hopefully fixed at some point.

---

Dominick Baier | thinktecture | | @leastprivilege http://www.leastprivilege.com

Answer 9

As mentioned by Dominick there are technological differences between ACS and Live ID SDK. ACS is built on WS-Fed compliant technology where as Live ID is built based on open id technologies.

Since ACS is provides only claims through which no personal information is revealed to any consumers without consent from customer. Where as when using LIVE ID SDK user would provide the consent for accessing their PII information.

You have to either take ACS route if you dont want any live id information of a person, it it is required you have to go through LIVE ID tool kit route.

Hope it explains.

---

Please mark the replies as Answered if they help and Vote if you found them helpful.