I spent a little more time this afternoon polishing the info card login process on Casa dé Hambone. Let me know what you think.
I really liked how sxcore and sandbox.netfx3.com are handling their info card login. Sxcore specifically has a nice way of using a GET to kick off the process which eliminates the need to have a separate form element on the web page for the information card activator.
In addition to cleaning up the code, I
- Eliminated the “This page contains both secure and nonsecure items” warning by having Login.aspx fire off a GET to a handler that is 100% secure
- Activate the CardSpace UI from a separate dedicated handler page; the result is no CardSpace UI popping up if you attempt to anything else from the login page other than sign in with an info card
- Properly handle cases where you cancel submission of your info card and/or your browser does not have support for information cards
- Implemented a unique identifier for the click back handler that verifies your email address
- Automatically approve comments from information card users, even if comment moderation is enabled
- Turned off caching of the start page to accurately display the logged in state of normal users
What started as a simple project to Windows CardSpace-enable the DasBlog admin account has yielded a ton of key learning and design that you’ll have to consider when adding support to your own site for information cards. The technology itself is cake … the devil is in the details. Fortunately, I captured all of those details and decision points along the way and will be starting a series of blog posts on each one soon.