Federation vs. Messenger Web API

  • Question

  • Hi

    I've started exploring Live ID for web authentication and I'm a bit confused. So far, I found:
    - Live ID SDK
    - Live Messenger Web API
    - Windows Identity Framework

    I was trying to find information on which of the above is the chosen way at the moment. It looks like Messenger Web API is the latest, with WIF standing just next to it, and Live ID SDK seems to be a few years old. Can someone give me any guidelines on which of those should be used and is the current recommended solution?


    Jimmy, Symantec Gloucester .NET User Group http://www.gl-net.org.uk
    • Moved by Vikas-Ahuja Monday, March 8, 2010 1:33 PM right forum (From:Live Framework)
    Sunday, February 28, 2010 8:07 PM


All replies

  • Hello, Live Messenger Web API uses the Live ID (web authentication and delegated authentication) SDK under the hood. If you're working with Live Messenger, this is your choice.

    WIF is used in federated scenarios. For example, you want to use Live ID as one of the identity providers (or STS) your service trusts. You may have additional STSes, such as a local ADFS. You don't care how the users are authenticated. You just need to know if they're granted permission to access your service. You pass the identity obtained from Live ID or other STSes to an authorization manager (such as AppFabric Access Control). The authorization manager checks the user's identity, and converts it to the identity that your service accepts. Then send the output identity to your service.
    Lante, shanaolanxing This posting is provided "AS IS" with no warranties, and confers no rights.
    Monday, March 1, 2010 6:43 AM
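
The federation flow described in the reply above, as an added example that is not part of the original thread and is not WIF or AppFabric Access Control code: a small Python model of an authorization manager that accepts identities only from trusted STSes and converts them to the identity the service accepts. The issuer names, claim types and rules are constructed assumptions.

```python
# Constructed model of the flow in the reply above. Issuer names, claim types
# and rules are assumptions, not real Live ID, ADFS or Access Control values.
from dataclasses import dataclass


@dataclass(frozen=True)
class Token:
    issuer: str   # which STS issued the token
    claims: dict  # claim type -> value, as asserted by that STS


class Rejected(Exception):
    """The authorization manager refused the incoming identity."""


# One rule list per trusted STS:
# (input type, required value or None for any, output type, fixed output or None)
RULES = {
    "liveid-sts": [("nameidentifier", None, "userid", None)],
    "local-adfs": [("upn", None, "userid", None),
                   ("group", "Domain Admins", "role", "admin")],
}


def transform(token: Token) -> dict:
    """Convert an STS-issued identity into the claims the service accepts."""
    rules = RULES.get(token.issuer)
    if rules is None:
        raise Rejected(f"untrusted issuer: {token.issuer}")
    out = {}
    for in_type, required, out_type, fixed in rules:
        value = token.claims.get(in_type)
        if value is None or (required is not None and value != required):
            continue
        # Pass-through values are prefixed with the issuer so that two STSes
        # can never produce the same service-side identifier.
        out[out_type] = fixed if fixed is not None else f"{token.issuer}:{value}"
    if "userid" not in out:
        raise Rejected("no usable identifier claim")
    return out  # input claims with no matching rule are dropped, not forwarded


if __name__ == "__main__":
    # The self-asserted "role" claim is dropped: no liveid-sts rule emits a role.
    print(transform(Token("liveid-sts", {"nameidentifier": "abc123", "role": "admin"})))
    print(transform(Token("local-adfs", {"upn": "jimmy@corp.example",
                                         "group": "Domain Admins"})))
```

The service consumes only the output of `transform`, so it never needs to know which STS authenticated the user or how.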
  • Hi

    But one can still use Live ID SDK directly by adding iframes to the page to get authentication. I guess this will be an alternative to WIF. However, I found some differences. I wonder if you could shed some light on them:

    1. Live SDK (and Messenger Web API) uses Live services to get an App ID. How can I set up a development environment there? It does not allow me to enter localhost as a domain. Then, assuming I will know how to use that in dev, can I use WIF too?

    2. WIF, on the other hand, is using Service Manager from http://msm.live.com. I can set up localhost easily there but there are some problems. I can't force it to work with http for the return URL. It works fine with https but displays an error instead of the login when configured to use http. Is it possible to use http as the return URL?


    Jimmy, Symantec Gloucester .NET User Group http://www.gl-net.org.uk
    Monday, March 1, 2010 9:10 AM
  • Moving your thread to http://social.msdn.microsoft.com/Forums/en-US/wliddev/threads
    This posting is provided "AS IS" with no warranties, and confers no rights.
    Monday, March 8, 2010 1:32 PM
  • The Live ID system keys sites off of their DNS name as defined in MSM.live.com; for this reason, localhost is not supported. I would suggest you use a fully qualified domain name and spoof it using the hosts file on your end if you need to.

    Tuesday, March 9, 2010 4:40 PM
  • s.jimmy,

    To elaborate on Aaron's post, simply use www.example.com as the domain for your return URL, and then put this line in C:\Windows\system32\drivers\etc\hosts:          www.example.com

    example.com is a fake domain created specifically for writing documentation and example code.
    Friday, March 12, 2010 2:45 AM