Windows Live ID Return URL banned words

UPDATE: No need to do this now, its fixed!

For edngames.com I use Facebook, Yahoo! and Windows Live as sign on solutions. However, Windows Live is the only system with a restriction on the domain names you can register. For instance, because of the word “games” in my domain, I get the error message “The Return URL field contains a forbidden word or domain. Please use a different Return URL and enter the HIP solution again.”

image

Facebook and Yahoo, competing single sign on solutions, do not have this restriction, which the word “game” I assume is to block gambling sites from the authentication.

To get around this, I have had to set up a dummy domain (edslife.co.uk) without the banned words and perform authentication on that – you cannot simply do a redirect because the signature returned by the Windows Live server will be invalid because its a different return URL. I then have to create my own authentication (I use a hash function based on the time and a secret word) to move between the dummy domain to the real one securely.

image 

Although this works, and is just as secure as authenticating on the target site I reckon, it provides a pretty shoddy user experience because I have to explain that there is another domain name involved. You also cannot use this method to get data from the Windows Live server such as contact information because from a different domain, the authentication is invalid.

Leave a Reply

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>