Ed Andersen

Software Developer and Architect in Japan

Windows Live ID Return URL banned words

Ed Andersen Avatar

by

in ,

UPDATE: No need to do this now, its fixed!

For edngames.com I use Facebook, Yahoo! and Windows Live as sign on solutions. However, Windows Live is the only system with a restriction on the domain names you can register. For instance, because of the word “games” in my domain, I get the error message “The Return URL field contains a forbidden word or domain. Please use a different Return URL and enter the HIP solution again.”

image

Facebook and Yahoo, competing single sign on solutions, do not have this restriction, which the word “game” I assume is to block gambling sites from the authentication.

To get around this, I have had to set up a dummy domain (edslife.co.uk) without the banned words and perform authentication on that – you cannot simply do a redirect because the signature returned by the Windows Live server will be invalid because its a different return URL. I then have to create my own authentication (I use a hash function based on the time and a secret word) to move between the dummy domain to the real one securely.

image 

Although this works, and is just as secure as authenticating on the target site I reckon, it provides a pretty shoddy user experience because I have to explain that there is another domain name involved. You also cannot use this method to get data from the Windows Live server such as contact information because from a different domain, the authentication is invalid.

Ed Andersen Avatar

About me

Hi! 👋 I’m a Software Developer, Architect and Consultant living in Japan, building web and cloud apps. Here I write about software development and other things I find interesting. Read more about my background.

Ed’s “Newsletter”

Get the latest blog posts via email ✌️


Comments

Leave a Reply

Your email address will not be published. Required fields are marked *