In yesterday’s episode we very briefly touched on the identity and authentication part of the demo, where the attendee registers on the self-service site using Windows Live ID. In this episode we go a lot deeper.
Identity and authentication are hard. Simple, scalable and secure login capabilities require a great deal of experience to build and a great deal of effort to maintain and keep running. Windows Live ID provides you with a proven solution for building identity-aware applications and is used today by over 460 million users.
In our case, since we’ve integrated Live ID into the system, we let Microsoft manage all the details related to identity and authentication. Live ID assigns each of our users a token that is specific to our site. That means Microsoft lets us know that the person coming to the site is the same person that registered. That token is unique to our site, so from the perspective of the user their privacy is protected (e.g. they cannot be tracked across multiple web sites). In fact, the token is the only thing the site will see. So even though the user may use an email address and password to log in to Live ID, the site never sees that unless the user explicitly provides that information (as in our example, by typing it into a profile page).
The simplicity of this is just amazing. As a developer I just have to register my site with Windows Live ID and then redirect my users to the Live ID login page whenever I need them to be authenticated. Live ID handles the authentication and then redirects back to a page that I’ve registered. You can even brand the Windows Live ID login page that your users will see so that it will appear as if it is your own login page. Nice!
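The site-specific token described above can be modelled in a few lines. This is an added example, not code from the demo or from Live ID: the HMAC derivation, the class names and the site ids are assumptions chosen to show the property, since the page does not say how Live ID computes its tokens.

```python
import hashlib
import hmac
import secrets


class IdentityProvider:
    """Stand-in for the identity provider. HMAC derivation is an assumption."""

    def __init__(self):
        self._secret = secrets.token_bytes(32)  # never leaves the provider
        self._accounts = {}                     # login email -> internal account id

    def enroll(self, email):
        self._accounts[email] = secrets.token_hex(8)

    def token_for(self, email, site_id):
        # Keyed hash over (site, account): stable for one site, unrelated
        # across sites, and not reversible to the email or account id.
        msg = f"{site_id}|{self._accounts[email]}".encode()
        return hmac.new(self._secret, msg, hashlib.sha256).hexdigest()


class RelyingSite:
    """A registered site: it keys its records on the token and nothing else."""

    def __init__(self, site_id):
        self.site_id = site_id
        self.profiles = {}  # token -> data the user chose to type in

    def sign_in(self, token):
        """Return True for a first visit, False for a returning user."""
        is_new = token not in self.profiles
        self.profiles.setdefault(token, {})
        return is_new


def demo():
    idp = IdentityProvider()
    idp.enroll("attendee@example.com")          # constructed sample account
    conference = RelyingSite("conference-site")  # hypothetical site ids
    other = RelyingSite("other-site")
    first = conference.sign_in(idp.token_for("attendee@example.com", conference.site_id))
    again = conference.sign_in(idp.token_for("attendee@example.com", conference.site_id))
    other.sign_in(idp.token_for("attendee@example.com", other.site_id))
    # Tokens the two sites could use to join their records on the same person.
    linkable = set(conference.profiles) & set(other.profiles)
    return first, again, linkable


if __name__ == "__main__":
    print(demo())
```

The returning attendee is recognised on the conference site, while the two sites hold no token in common, so their records cannot be joined on the identifier alone.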
While Windows Live ID does a great job of helping me as a conference organizer to identify and authenticate my conference attendees, we also need to authenticate the Windows Azure site to the Dynamics CRM site so that they can exchange information. We’re obviously not going to have CRM licenses for all our self-service users (the thousands of conference attendees in this case) so we use a certificate on the Windows Azure site to ensure that only that site has access to the CRM data. Once the certificate is on my Azure site, we use a Live ID service account to handle the authentication between the two servers.
This episode is part of a 5-part series. In this series we’ve tried to explain how you can combine the Microsoft Web Platform with Dynamics CRM to quickly build and deploy self-service solutions. The full set of videos includes:
- Dynamics Duo Rides Again
- Dynamics Duo: Everybody needs an Identity (this video)
- Dynamics Duo: Wide World Importers Code
- Dynamics Duo: Composition with Third-Party Web Services
- Dynamics Duo: Silverlight and Jazz Hands
Both Girish and I enjoyed recording this series. We hope you enjoyed it as well. If you have comments or suggestions for other topics, feel free to add comments below or email Girish or me (Ben) directly.