Windows Live Authentication on custom blogs RRS feed

  • Question

  • So we have successfully completed previous level on making WLW work with SharePoint through ISA Server. Well, here's a bonus one.
    Windows Live ID platform provides authentication to third-party web sites via feature called 'Web Authentication'. Lawrence Liu has created a membership provider that leverages this feature for SharePoint web sites. It works perfectly with web browser, but WLW does not uderstand it.

    Here's how WLW generally works with SharePoint. When we specify blog type as 'SharePoint Blog' writer makes a request to '/_layouts/metaweblog.aspx'. When native Windows or ASP.NET authentication is in use, the server returns
    Status Code: 401, Unauthorized
    Reason: Unauthorized
    WWWAuthenticate: Basic

    So WLW understands that it needs to supply user credentials to proceed and it prompts a user for them.

    But when we use Live ID Mempersip Provider, we need to redirect authentication requests to Windows Live web site for users to provide their credentials via web form. We typically achieve this adding LoginURL property to our web.config file.

    We have to assume here that the client is always a web browser. So when WLW makes a request to protected web page (which is '/_layouts/metaweblog.aspx'), the server tries to redirect it to Live ID authentication form.

    StatusCode: 302, Moved temporarily
    Reason: Found
    Location:  /_layouts/liveauth-handler.aspx?action=login&ReturnUrl=%2f_layouts%2fmetaweblog.aspx

    But this is actually someting that WLW does not expect. So it shows us an error message, telling that it can not proceed with this blog.

    Well, it seems that WLW generally can work with Live ID. It is the only authentication scheme available for Windows Live Spaces. And Spaces are natively supported by WLW. But the story with Spaces is quite different from SharePoint.

    When we specify blog type as 'Windows Live Spaces', then the very first thing WLW does is asking user for his/her LiveID. And the second thing is checking the credentials supplied by talking securely via SSL to login.live.com. And only after this it starts working with the Spaces itself at http://spaces.live.com/api.aspx.

    So it seems to me that WLW supports LiveID using Client Autentication, not Web Authentication. And here's my feature request to WLW team. Would you be so kind to extend this support to custom blogs using the same authentication scheme? At least to SharePoint with Live ID Membership Provider.

    Thanks for reading this :)

    P.S. Also started a complimentary discussion at CKS:WLA forum.

    Thursday, December 25, 2008 9:30 AM

All replies

  • We don't support this right now, and I doubt we will anytime soon.  This might be something we look at if we do OpenAuth or OpenId support.  Until then, you might be able to hack something into Sharepoint, I am not sure how much extensibility they allow in the API endpoints.  Sorry I don't have a better answer for you right now.
    -Brandon Turner [MSFT]
    Monday, January 5, 2009 12:09 AM
  • I've just tried this to get to my blog for TechEd 2009 on our coporate site (from my netbook on my home, private network) and get exactly the same error - that one is Sharepoint 2007 behind ISA... I would have expected this combination to work.
    Looks like I'll just have to use a browser instead (which does work on the same netbook).
    Friday, October 23, 2009 12:41 PM
  • Brandon,

    have you got any new information about it?
    I try to connect to a SharePoint 2007 blog that uses Forms Authentication, and the following error occures:

    WindowsLiveWriter,1.3940,None,00018,14-Oct-2009 09:46:54.099,"== BEGIN WebException =====================",""
    WindowsLiveWriter,1.3940,None,00019,14-Oct-2009 09:46:54.099,"Status: UnknownError",""
    WindowsLiveWriter,1.3940,None,00020,14-Oct-2009 09:46:54.099,"System.Net.WebException: Found: Found...
    <html><head><title>Object moved</title></head><body>
    <h2>Object moved to <a href=""%2f_layouts%2flogin.aspx%3fReturnUrl%3d%252f_layouts%252fmetaweblog.aspx"">here</a>.</h2>

    It works well with Windows Integrated auth, but it is an internet public site and we must use Forms Auth.
    I don't really understand why Live Writer doesn't support it. Or am I doing something wrong?

    Monday, October 26, 2009 5:04 PM