I spent a little more time this afternoon polishing the info card login process on Casa dé Hambone. Let me know what you think.
I really liked how sxcore and sandbox.netfx3.com are handling their info card login. Sxcore specifically has a nice way of using a GET to kick off the process which eliminates the need to have a separate form element on the web page for the information card activator.
In addition to cleaning up the code, I
- Eliminated the "This page contains both secure and nonsecure items" warning by having Login.aspx fire off a GET to a handler that is 100% secure
- Activate the CardSpace UI from a separate dedicated handler page; the result is no CardSpace UI popping up if you attempt to anything else from the login page other than sign in with an info card
- Properly handle cases where you cancel submission of your info card and/or your browser does not have support for information cards
- Implemented a unique identifier for the click back handler that verifies your email address
- Automatically approve comments from information card users, even if comment moderation is enabled
- Turned off caching of the start page to accurately display the logged in state of normal users
What started as a simple project to Windows CardSpace-enable the DasBlog admin account has yielded a ton of key learning and design that you'll have to consider when adding support to your own site for information cards. The technology itself is cake ... the devil is in the details. Fortunately, I captured all of those details and decision points along the way and will be starting a series of blog posts on each one soon.