Windows Live Authentication with SharePoint 2010

New in SharePoint 2010 is claims based authentication.  This opens up a whole new world of authentication possibilities.   You are no longer limited to just AD, LDAP or ASP.NET membership.   One of the options available now with claims based authentication is to use Windows Live ID.

Why would you want to use Windows Live ID on SharePoint?   It can reduce maintenance and administrative overhead for extranets or public facing web sites.   You no longer have to worry about creating and maintaining another user account store, and you don’t have to deal with password reset issues.   This option also enables millions of existing account holders to easily log into your SharePoint environment without having to sign up for and remember one more account.

While researching methods for using Windows Live ID with SharePoint 2010 I ran across the following web sites:

Wictor Wilen’s blog – Visual Guide to Windows Live ID authentication with SharePoint 2010

FPWeb.Net – Claims authentication against Windows Live ID for SharePoint 2010

TechNet – Configure claims-based authentication using Windows Live ID

Each of the articles provides the basic information on configuring Windows Live ID with SharePoint 2010; however, there were a few details left out. Below are a few pointers as you work to get Windows Live ID working with your SharePoint environment:

  • You must first test out your implementation of claims-based authentication using the Microsoft Windows Live ID internal environment (WLID-INT). Once you have your SharePoint environment working with WLID-INT you can migrate it to the production WLID environment.
  • When testing your implementation on WLID-INT you must use a new user account created in the WLID-INT system. You cannot use an existing production Windows Live ID account for testing. You must also ensure that you create an account with the extension @hotmail-int.com. Failure to do this will cause Windows Live ID authentication to time out and not redirect to your site.
  • You do not need to have your test SharePoint environment accessible via the Internet in order for claims-based authentication with WLID-INT to work. You just need to ensure that the users testing the environment can properly resolve the fully qualified domain name (FQDN) being used.
  • You will only receive the passport unique identity (PUID) for the authenticated user. You will not have access to their name, email or any other personal information. If you require that information, you will need to ensure that your users are required to complete their SharePoint user profile prior to providing them permissions to your site.
  • The SharePoint web application must be created with both claims-based authentication and SSL enabled. You can use a self-signed certificate for testing.
  • You don’t need to purchase a third-party solution to enable Windows Live ID support with SharePoint 2010.
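
Several of these pointers can be checked mechanically from the sign-in redirect URL that SharePoint sends the browser to. The script below is an added example, not code from this post or from Microsoft; `preflight` and `resolves` are hypothetical helper names, and the sample URL is constructed with a placeholder realm and host.

```python
import socket
from urllib.parse import parse_qs, urlsplit

INT_HOST = "login.live-int.com"          # WLID-INT sign-in host
INT_ACCOUNT_SUFFIX = "@hotmail-int.com"  # required extension for WLID-INT test accounts


def resolves(hostname):
    """Default FQDN check: True if this machine can resolve the name."""
    try:
        socket.gethostbyname(hostname)
        return True
    except OSError:
        return False


def preflight(signin_url, test_account, resolver=resolves):
    """Return a list of problems found; an empty list means every check passed."""
    problems = []
    url = urlsplit(signin_url)
    query = parse_qs(url.query)
    if url.hostname != INT_HOST:
        problems.append(f"sign-in host is {url.hostname}, not {INT_HOST}")
    if query.get("wa") != ["wsignin1.0"]:
        problems.append("wa is not the WS-Federation sign-in action wsignin1.0")
    if not query.get("wtrealm"):
        problems.append("wtrealm (the relying-party realm) is missing")
    # wctx holds the SharePoint page URL passed along as sign-in context.
    return_url = urlsplit(query.get("wctx", [""])[0])
    if return_url.scheme != "https":
        problems.append("SharePoint URL in wctx is not https; the web application needs SSL")
    if not return_url.hostname:
        problems.append("wctx has no SharePoint host name")
    elif not resolver(return_url.hostname):
        problems.append(f"{return_url.hostname} does not resolve for this tester")
    if not test_account.lower().endswith(INT_ACCOUNT_SUFFIX):
        problems.append(f"test account must end in {INT_ACCOUNT_SUFFIX}")
    return problems


# Constructed sample input (placeholder realm and host, not real values).
SAMPLE_URL = ("https://login.live-int.com/login.srf?wa=wsignin1.0"
              "&wtrealm=urn%3aexample%3aint"
              "&wctx=https%3a%2f%2fsp.example.local%2f_layouts%2fAuthenticate.aspx%3fSource%3d%252F")

if __name__ == "__main__":
    for line in preflight(SAMPLE_URL, "tester@hotmail-int.com") or ["all checks passed"]:
        print(line)
```

Run it on each tester's machine, since the FQDN check depends on that machine's name resolution.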


0 thoughts on “Windows Live Authentication with SharePoint 2010”

  1. Hi Mike. Thanks for the post. I am having a problem configuring SharePoint 2010 with Windows Live Int. I have configured everything based on Wictor Wilen’s blog. When I browse to my local SharePoint site I am redirected to the login page (as expected). I select “LiveId Int” and get redirected to this page:

    https://login.live-int.com/login.srf?wa=wsignin1.0&wtrealm=urn%3amydomain%3aint&wctx=https%3a%2f%2fmydomain.local%2f_layouts%2fAuthenticate.aspx%3fSource%3d%252F

    Where I need to enter credentials and “sign in”. I enter my credentials, click “sign in”, but nothing happens. It appears as if it circles back. I don’t get any kind of message and am not being redirected back to my local SharePoint site.

    I created a new account in the INT environment, but not able to log in with it. Wondering if you experienced this or can help shed any light.

    Thanks so much…

  2. Hi Mike, Thanks for the post. I am having the same problem as Oscar and I used the same post from Wictor Wilen’s blog. Do you think a setting has changed for Windows Live ID?

    Thanks

  3. Adam and Oscar,

    It has been a while since I had to set this up. It is on my radar to revisit and see if something has changed. Unfortunately right now my schedule is pretty full so I am not sure how soon I will get to it. If either of you do figure out the issue please post it back here for others.
