Chapter 15. Third-Party Authentication

As you browse the Web and register on various sites, it becomes problematic to remember the username and password for each new site you visit. You have several choices:

  • Use the same username and password everywhere (meaning if one Web site gets hacked, or your trust in the company keeping your information secret is misplaced, then your login information for other sites is now at risk)

  • Use individual usernames and passwords and rely on the browser to remember them for you (as well as to remember to back up your authentication list)

  • Install a password-safe program where passwords are created and stored on your computer and are automatically or manually put into the browser, or

  • Use a browser plug-in to generate strong passwords and store them in a third-party service (hoping that the service continues)

In this chapter, you will learn about the following:

  • The history of third-party authentication

  • How to integrate Security Assertion Markup Language (SAML)/Information Cards into your Web site

  • How to integrate OpenID into your Web site

  • How to integrate Windows Live ID into your Web site

(SAML)/Information Cards, OpenID, and Live ID are all ways of delivering a third-party authentication token to your Web site.


Federated identity is a generic term describing the scenario where a user's identity can be used across multiple systems, within a single organization, or on systems external to the organization providing the identity. ...

Get Beginning ASP.NET Security now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.