Dominick Baier at LeastPrivilege has made leaps and bounds in his CardSpace control for the Microsoft ASP.NET environment (though it should work equally well for people using a Higgins identity selector or managed card). It is very cleanly designed. Amazingly, he's already added support for the new icon (does he ever sleep?). His blog has an ongoing discussion around the control and related issues:
After I made some incremental changes and releases of my CardSpace control (found some bugs, got some feedback), I wanted to consolidate all the information along with a new version and some new features here. It now contains all the features I need and will be the last release for some time i guess.
If you have any feedback or suggestions feel free to write me or leave me a comment. If you want to add support for XHTML, contact me too 😉
Download here. Have fun!
PS. This was only possible with a little help of my friends…thanks Brock and JasonD!
Features
Easy to use syntax
One of my main goals was to have an easy to use markup syntax and intellisense support. I don't want to type in all those namespace URIs…<lp:CardSpaceSelector runat="server" ID="_selector_sic" AutoPostback="true" IssuerType="SelfIssued"> <lp:ClaimType Name="givenname" /> <lp:ClaimType Name="surname" /> <lp:ClaimType Name="email" /> </lp:CardSpaceSelector>Clean markup and independence of the server form
The emitted markup works with Firefox and IE. I also made sure that the <object> tag is placed outside of the postback form. This allows you to have multiple postback controls on the form without triggering the identity selector.Support for standard InfoCard image
You can choose between all standard sizes of the official InfoCard image. You can also supply your own image and dimensions
Designer integration
I never use the designer – but I acknowledge the fact that some people do 😉 The control renders correctly in the designer and has an editor to setup the required/optional claims (including intellisense support).
Event driven
The control fires an event when a token is submitted.protected void _selector_sic_TokenSubmitted(object sender, TokenSubmittedEventArgs e) { string xmlToken = e.Token; }Conditional rendering
You can choose to render the control only if the client browser supports InfoCards. You can specify an alternative <div /> that would render in that case (e.g. to tell the user how to get CardSpace).Decoupling
I intentionally didn't couple the control with any user management semantics (like membership) or decryption clases (like the TokenProcessor). It is totally up to you how to proceed after you received the encrypted token. This is considered a feature 😉Properties
InfoCard setup
IssuerType
This enum has two values ‘SelfIssued’ and ‘Managed’. If you select ‘SelfIssued’ then the issuer URI for self-issued cards will be emitted. If you select ‘Managed’ you have to set the issuer URI yourself. Defaults to ‘SelfIssued’Issuer and IssuerPolicy
Specifies the URIs for the issuer and the issuer policy.TokenType
Specifies the token type. Defaults to SAML 1.0.PrivacyUrl and PrivacyVersion
Specifies to the URL and version of the associated privacy policy (if any).Image
ImageUrl
Specifies a custom image to display. Defaults to the official InfoCard icon.StandardImageSize
Selects one of the standard images sizes for the official InfoCard icon. Defaults to 114×80.Width & Height
Specifies the size of the image in pixels. Only relevant when a custom image is used.Rendering
RenderOnlyIfSupported
When set to true, the control will only render if the client browser supports CardSpace. You have to embed the control into a <div /> and specify the name in the DivToRender attribute. Defaults to false.DivToRender
Specifies which <div /> to render/make invisible based on client support.UnsupportedDiv
Optionally specifies a <div /> to render when CardSpace is not supported on the client.RenderMode
Choose between static and dynamic rendering. Static preserves the space for the control on the client. Defaults to Static.Misc
HiddenFieldName
Name of the hidden field used to transmit the token back to the page. Defaults to __XMLTOKEN.AutoPostBack
Specifies if the control posts back after a card has been selected. Defaults to false.TriggerOnLoad
Specifies if the identity selector should be invoked directly after the page has finished loading. Defaults to false.XmlToken
Holds the encrypted token after the user has selected a card.
Dominick also did a set of four videos on CardSpace for UK MSDN that I would recommend:
Also find the sample code he used here
Thanks to Vittorio Bertocci for pointing out that I should have said ASP.NET rather than just ASP. I've fixed the post.