Streamlining my Information Card login process

I spent a little more time this afternoon polishing the info card login process on Casa dé Hambone. Let me know what you think.

I really liked how sxcore and are handling their info card login. Sxcore specifically has a nice way of using a GET to kick off the process which eliminates the need to have a separate form element on the web page for the information card activator.

In addition to cleaning up the code, I

  • Eliminated the “This page contains both secure and nonsecure items” warning by having Login.aspx fire off a GET to a handler that is 100% secure
  • Activate the CardSpace UI from a separate dedicated handler page; the result is no CardSpace UI popping up if you attempt to anything else from the login page other than sign in with an info card
  • Properly handle cases where you cancel submission of your info card and/or your browser does not have support for information cards
  • Implemented a unique identifier for the click back handler that verifies your email address
  • Automatically approve comments from information card users, even if comment moderation is enabled
  • Turned off caching of the start page to accurately display the logged in state of normal users

What started as a simple project to Windows CardSpace-enable the DasBlog admin account has yielded a ton of key learning and design that you’ll have to consider when adding support to your own site for information cards. The technology itself is cake … the devil is in the details. Fortunately, I captured all of those details and decision points along the way and will be starting a series of blog posts on each one soon.

Technorati tags: , ,