AZURE ACS - Windows Live ID: How to identify Unique User


For my web application I am using Azure ACS for authentication. I followed this guide to implement my code: http://msdn.microsoft.com/en-us/library/hh127794.aspx. I authenticate Windows Live users only. I found out that ACS does not provide user info such as username, email, etc.

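    private static string GetUrlFromContext(FormCollection form)
    {
        // Parse the WS-Federation sign-in response that ACS posted back to the application.
        WSFederationMessage message = WSFederationMessage.CreateFromNameValueCollection(new Uri("http://www.notused.com"), form);

        // Context is the wctx value, a string, so the method returns string rather than bool.
        return (message != null ? message.Context : null);
    }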

This code verified the authentication. But I need some unique identifier to keep track of the user.

I am looking for a unique ID to keep track of the user.

WSFederationMessage.CreateFromNameValueCollection(new Uri("http://www.notused.com"), form); 

This returns a response that looks like this:

<t:RequestSecurityTokenResponse Context="http://localhost:64000/"><t:Lifetime><wsu:Created>2013-03-19T09:31:49.237Z</wsu:Created><wsu:Expires>2013-03-19T10:31:49.237Z</wsu:Expires></t:Lifetime><wsp:AppliesTo><EndpointReference><Address>http://localhost:64000/</Address></EndpointReference></wsp:AppliesTo><t:RequestedSecurityToken><Assertion ID="_ad47777b-18da-4142-8bb5-198a724ccb29" IssueInstant="2013-03-19T09:31:49.268Z" Version="2.0"><Issuer>https://logintest.accesscontrol.windows.net/</Issuer><ds:Signature><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/><ds:Reference URI="#_ad47777b-18da-4142-8bb5-198a724ccb29"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><ds:DigestValue>//gh2d9XZF9P7X4mqy/VxGamRMlH1Gt6xTI8BvcBbQg=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>D/g5pZoyvTDxBZ4pvy4Pj3+GmnG8EgxHkAEtHHqYkD3DVNrOkwkd5+Ubg2jJBaHlzEcY6N+oGl+XsNvuMIyttk+lgnaCLTggYdcFJMkcBA/zaKdDdfG78tyV8ZU64hySRO5gSvZMIUBWRdryBNHzXuoGF2AsJkQzSTp3pZoutUQQ1Va3UsgE45hfEIoNzCG8t476F/p/njq0XB0+1Fl/87SN/oyYt58l8zX16R8sRTfAvN9DDFPaROyXMfDbRVF+T/6YCgZdRPtCtR+nZEYH8ss6QmZpd21nrgOYF0ASdxxe6bmq0gAT6VBiMhpO4B0FUzO30AezaGld1oYzi+nTYA==</ds:SignatureValue><KeyInfo><X509Data><X509Certificate>MIIDFDCCAfygAwIBAgIQJK0cd7iVIoRMyjnvkkDLDjANBgkqhkiG9w0BAQUFADAuMSwwKgYDVQQDEyNsb2dpbnRlc3QuYWNjZXNzY29udHJvbC53aW5kb3dzLm5ldDAeFw0xMzAzMTMwOTUzMjZaFw0xNDAzMTMxNTUzMjZaMC4xLDAqBgNVBAMTI2xvZ2ludGVzdC5hY2Nlc3Njb250cm9sLndpbmRvd3MubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtio2R5cC28rleova/v928PzvoXXlnvllbQWbYpcxIfz8SQ6//+v3jqA07Zb4er6jpu697fQyR/qLJA3Xm0gwI2wj5nvGbOTLMTEo5tMy0RGeIpErHTEHFHgkPkvhwwehg18Ew+9h5Elsm+SAHfb1J2Bb3txhZ/ka02qeNWc2JRJeubnjTvOBHGPv9p3oeV0Wk5osZ
yg0bUOpbBAJamqcaeu2mrBt8zuPkH2jjHiJ2CqUv0/3BWwpeYzVQs8/PrWMsPgThgzaU/6toQLMyZRiJj16BkXNfimd4QjSwJZElyg2wHWmpn+WG4l7C1w3832eeMEBuyYX9XA/cY0j5wN+nQIDAQABoy4wLDALBgNVHQ8EBAMCBPAwHQYDVR0OBBYEFIaS77q7MmvRIMIJRaCB6h70Bf31MA0GCSqGSIb3DQEBBQUAA4IBAQAgxGatpwdOaenf5hwZXtIOcdDW74wEGiOrqD7N5dhVslG0a9R0J6IqaLtWCnx9bUWobsJl0qohLBrnTfZfeOnFmPlqTNL80KrikW/x+Ay5zXF9RYXnqZCx80Ty0WoQDtb7ogCmtMG7WwdoFBIiv5XOMzNcoLgcx/sWxemOIfswuKNCaWnBV7ai2cPv+kkVNj7XcMLxPKCG9/RoY1yq7LIKx5UWygJX68p7fhBkMY4uHxkaJwIhLgHXF4ozifjxKd/kWoYi01VSzB2ald3f1arog7Y0BujKHveLc6f0+eZWu/Og+/Cann9M0e2f9NzBNVVee37cyp7faSHDA7XUOAoB</X509Certificate></X509Data></KeyInfo></ds:Signature><Subject><NameID>xWTQfgjexVZ4sturSHZmdppGj/am1IweOYHgc139TrE=</NameID><SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/></Subject><Conditions NotBefore="2013-03-19T09:31:49.237Z" NotOnOrAfter="2013-03-19T10:31:49.237Z"><AudienceRestriction><Audience>http://localhost:64000/</Audience></AudienceRestriction></Conditions><AttributeStatement><Attribute Name="http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider"><AttributeValue>uri:WindowsLiveID</AttributeValue></Attribute></AttributeStatement><AuthnStatement AuthnInstant="2013-03-19T07:36:40.000Z"><AuthnContext><AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</AuthnContextClassRef></AuthnContext></AuthnStatement></Assertion></t:RequestedSecurityToken><t:RequestedAttachedReference><SecurityTokenReference d3p1:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"><KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID">_ad47777b-18da-4142-8bb5-198a724ccb29</KeyIdentifier></SecurityTokenReference></t:RequestedAttachedReference><t:RequestedUnattachedReference><SecurityTokenReference d3p1:TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"><KeyIdentifier 
ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID">_ad47777b-18da-4142-8bb5-198a724ccb29</KeyIdentifier></SecurityTokenReference></t:RequestedUnattachedReference><t:TokenType>urn:oasis:names:tc:SAML:2.0:assertion</t:TokenType><t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType><t:KeyType>http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey</t:KeyType></t:RequestSecurityTokenResponse>

I thought that in this response <NameID>xWTQfgjexVZ4sturSHZmdppGj/am1IweOYHgc139TrE=</NameID> contains a unique value. But it seems to differ from PC to PC.

Please suggest a way to achieve this.

Thanks in advance!

2

There are 2 best solutions below

0

No. There is no way. The uniqueness, however, is not from PC to PC, but from application to application, and from ACS namespace to ACS namespace. You should be checking the NameIdentifier claim, which I think is mapped to this NameID, but I'm pretty sure that signing in with the same LiveID over the same ACS namespace for the same relying party will always give you the same NameIdentifier claim. Check out my answer to this StackOverflow question, where I explain in depth where the uniqueness is.
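
An added example, not part of the answer above and not code from the linked guide: one way to turn the claims the answer refers to into a stable per-user key that is scoped to the issuing ACS namespace. It assumes .NET 4.5's System.Security.Claims and that the SAML NameID surfaces as the nameidentifier claim; the class name AcsUserKey, the hashing step and the sample identifier values are illustrative.

```csharp
using System;
using System.Security.Claims;
using System.Security.Cryptography;
using System.Text;

public static class AcsUserKey
{
    // Claim type taken from the token shown on this page (value there: uri:WindowsLiveID).
    const string IdentityProviderClaim =
        "http://schemas.microsoft.com/accesscontrolservice/2010/07/claims/identityprovider";

    // Call only on a principal built from a token whose signature, audience and
    // lifetime were already validated; never on values read from the raw form post.
    public static string FromPrincipal(ClaimsPrincipal principal)
    {
        Claim nameId = principal.FindFirst(ClaimTypes.NameIdentifier);
        Claim idp = principal.FindFirst(IdentityProviderClaim);
        if (nameId == null || idp == null || string.IsNullOrEmpty(nameId.Value))
            throw new InvalidOperationException("Token lacks nameidentifier or identityprovider claim.");

        // The NameID is only meaningful per issuer and identity provider, so all three
        // go into the key. Length prefixes keep distinct triples from colliding.
        string material = string.Format("{0}:{1}{2}:{3}{4}:{5}",
            nameId.Issuer.Length, nameId.Issuer,
            idp.Value.Length, idp.Value,
            nameId.Value.Length, nameId.Value);
        using (SHA256 sha = SHA256.Create())
            return Convert.ToBase64String(sha.ComputeHash(Encoding.UTF8.GetBytes(material)));
    }

    // Constructed identity standing in for what token validation would produce.
    static ClaimsPrincipal Sample(string issuer, string nameId)
    {
        var id = new ClaimsIdentity(new[] {
            new Claim(ClaimTypes.NameIdentifier, nameId, ClaimValueTypes.String, issuer),
            new Claim(IdentityProviderClaim, "uri:WindowsLiveID", ClaimValueTypes.String, issuer)
        }, "Federation");
        return new ClaimsPrincipal(id);
    }

    public static void Main()
    {
        // Constructed values: same namespace twice, then a second (hypothetical) namespace.
        string a = FromPrincipal(Sample("https://logintest.accesscontrol.windows.net/", "constructed-id-1"));
        string b = FromPrincipal(Sample("https://logintest.accesscontrol.windows.net/", "constructed-id-1"));
        string c = FromPrincipal(Sample("https://other-namespace.example/", "constructed-id-2"));
        Console.WriteLine("same namespace, same user: " + (a == b));
        Console.WriteLine("different namespace:       " + (a == c));
    }
}
```

Store the returned key against the local user record; if the application moves to another ACS namespace or relying party, expect new identifiers and plan an account re-linking step.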

0

The best way is to use a custom STS to provide claims. Or use Live Connect directly; you can check this code example:

Bring the clouds together: Azure + Bing Maps

http://blogs.msdn.com/b/windows-azure-support/archive/2010/08/11/bring-the-clouds-together-azure-bing-maps.aspx