Welcome to Microsoft .NET Framework 3.0 Community (NetFx3)

The .NET Framework is Microsoft's managed code programming model for building applications that have visually stunning user experiences, seamless and secure communication, and the ability to model a range of business processes.


What you need to run Windows CardSpace
CardSpace is a part of the .NET Framework 3.0 and 3.5. .NET Framework 3.0 is included in Windows Vista and Windows Server 2008. For Windows XP SP2 and Windows Server 2003 SP1 you will need to install the .NET Framework either by choosing the optional download in Windows Update or via the redistributable package found here.

Client applications need to know how to call CardSpace (or another identity selector such as DigitalMe, especially on the Mac or Linux). The browser is no exception, and support can either be built in or provided by a browser extension/add-in. IE7 has support included, as will Firefox 3.0. For Firefox 2.x you can use the add-in here (under the Releases tab). With earlier versions of IE it is recommended that you upgrade to IE7.

Running CardSpace
The CardSpace applet can be found in the Control Panel under User Accounts. Alternatively, on Vista, simply start typing CardSpace into Start Search in the Start menu. By the time you have typed "Card", Windows CardSpace should have appeared as an option and be ready to select. Also note that whenever CardSpace is launched from within the browser or a smart client app the user is in full control (identity law #1) and has full access to all the card management features.

Adding information card support to a website 
To allow users to authenticate to your site using an information card you need 3 things:

1) An SSL certificate to keep the user's identity encrypted. This is optional if the user has CardSpace 3.5 (i.e. they have the .NET Framework 3.5 installed), in which case the token will be sent in the clear provided the user gives their consent. If you are a bank or major Internet business it is highly recommended that you use an Extended Validation (EV) certificate. The CardSpace UI is modified in the case of an EV cert.

2) An HTML fragment in your page describing your token policy e.g. the format of the security token you want to receive, what required/optional claims you'd like to receive, and the issuer. This fragment is typically linked to a button or image showing the information card icon - so that the user can recognize it and click on it - and should be in a form with a method of POST so that the browser posts the token to the web server when it receives it from CardSpace.

3) A way to process the posted token when it arrives at the web server. The token can be *any* format that you specify (in URI form), but the most common format on the Internet is a SAML token. You will need to check that the token is valid (and who issued it), decrypt the token as required and then extract the claims. There are a number of helper classes available to make this task simple:
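As an added example of step 2 (not from this page or from the CardSpace team), here is a minimal sign-in fragment: a POST form carrying the application/x-informationcard object whose param elements state the token policy. The action URL, the image file name and the choice of e-mail/name claims are assumptions for this example; the token type, issuer and claim URIs are the standard WS-Identity 2005/05 identifiers.

```html
<!-- Added example, not the wiki's own code. The HTTPS action URL and
     infocard.png are illustrative; replace them with your own. -->
<form method="post" action="https://www.example.com/login">
  <!-- The identity selector reads the token policy from the <param>
       elements below and returns the token in a form field named "xmlToken". -->
  <object type="application/x-informationcard" name="xmlToken">

    <!-- Format of the security token the site is willing to accept: SAML 1.0 -->
    <param name="tokenType" value="urn:oasis:names:tc:SAML:1.0:assertion" />

    <!-- Accept only self-issued (personal) cards. Use a managed card
         issuer's STS address here to accept cards from that issuer instead. -->
    <param name="issuer" value="http://schemas.xmlsoap.org/ws/2005/05/identity/issuer/self" />

    <!-- Claims the site needs, separated by spaces. The PPID is the
         site-specific pairwise identifier used as the stable account key. -->
    <param name="requiredClaims" value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" />

    <!-- Claims the user may choose to release but that are not required. -->
    <param name="optionalClaims" value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" />
  </object>

  <!-- The information card icon the user recognizes and clicks. Submitting
       the form launches CardSpace, which fills xmlToken before the POST. -->
  <input type="image" src="infocard.png" alt="Sign in with an Information Card" />
</form>
```

The server-side handler for the action URL then receives the token in the xmlToken field and performs step 3: verify the signature and issuer, decrypt if the token was encrypted to your SSL certificate, and only then read the claims.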

Browsers that work with Windows CardSpace
Browsers (or an add-in) need to recognize the "application/x-informationcard" tag, call into the CardSpace system (or other identity selector) and post the returned token to the Relying Party website. Browsers that can do this are:

Versions of IE before 7.0 are not supported - it is always strongly recommended to use the latest browser version and keep up-to-date with patches.

How to delete the CardSpace store
Obviously you will lose all information in the store if you do this so back up your cards first. The store will be re-created the next time you launch CardSpace.
1) Log in as an admin
2) Take ownership of c:\users\<username>\AppData\Local\Microsoft\CardSpace (Vista) or c:\Documents and Settings\<username>\Local Settings\Application Data\Microsoft\CardSpace (XP/W2K3)
- Right-click on the folder
- Click the Security tab. Click OK on the error dialog
- Click the Advanced button
- Click the Owner tab
- Replace the owner on subcontainers and objects
3) Delete the Folder

How to see what's in an information card
Simply change the file extension from .crd to .xml and open up the file in Internet Explorer. You will see that a card is just a signed chunk of XML with all the token metadata in it.

Turning on tracing
This is what you need to put in your config file. <PATH> should be replaced by the directory path you want to use.

<configuration>

  <system.diagnostics>
    <sources>
      <source name="System.ServiceModel.MessageLogging" switchValue="Verbose,ActivityTracing">
        <listeners>
          <add type="System.Diagnostics.DefaultTraceListener" name="Default">
            <filter type="" />
          </add>
          <add name="MessageLogging Listener">
            <filter type="" />
          </add>
        </listeners>
      </source>
    </sources>
    <sharedListeners>
      <add initializeData="<PATH>\app_messages.e2e"
           type="System.Diagnostics.XmlWriterTraceListener, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
           name="MessageLogging Listener" traceOutputOptions="LogicalOperationStack, DateTime, Timestamp, ProcessId, ThreadId, Callstack">
        <filter type="" />
      </add>
    </sharedListeners>
  </system.diagnostics>

  <system.serviceModel>
    <diagnostics>
      <messageLogging logEntireMessage="true" logMessagesAtServiceLevel="true" />
    </diagnostics>

    ...

  </system.serviceModel>

</configuration>

Copyright © 2007 Microsoft Corporation. All Rights Reserved.