Passport authentication is a centralized authentication service provided by Microsoft. It works using a cookie mechanism. If clients have previously authenticated to Passport, they are allowed access to site. If not, they are automatically re-directed to the Passport site for authentication. This authentication mechanism provides a centralized authentication service that offers single sign-in for access the member sites.

The following scenarios support the use of Passport Authentication:
• The username and password database or login page is not maintained
• Willing to provide personalized content
• The site will be used in conjunction with other Passport sites
• Willing to give single sign-in capability to the users

On the Windows 2000 platform, there is no direct integration of Passport to any authentication and authorization mechanisms built into the operating system. While the .NET Framework does check for Passport cookies, if we maintain our own user database, then must implement our own code to map the Passport user to our own user, as well as implement our own authorization mechanism.

To implement this authentication mode, Passport SDK (Software Development Kit) has to be installed on the server and register with Microsoft Passport. The following code is specified in the Web.config file where the authentication mode is set to Passport as shown below:

In the above code the redirectURL attribute of Passport section is set to internal, which means the unauthenticated request will receive common error message. The value of redirectURL may contain a string other than internal, which is considered to be a URL, which the unauthenticated request will be sent to.