Category Archives : Visual Studio

Visual Studio 2015 – Using a Product Key 3


Continuing from the experience with Visual Studio 2013, the next edition – Visual Studio 2015 – was officially released to MSDN subscribers early this morning.  This edition follows the trend established in the previous edition of providing two channels of licensing – by using a Microsoft Account or by supplying a product key.

Get a Product Key

You’ll need to have an MSDN Subscription which matches the version of Visual Studio you are using.  Authenticate to MSDN Subscriptions and go to the Subscriber Downloads section. 


Here you’ll see a tab for “My Product Keys”.  In the list of keys there should be static activation keys for your account.  Find and copy out the product key for your version of Visual Studio 2015 (e.g. Enterprise, Professional, Test Professional).


  • If you don’t have a Product Key listed, as with Visual Studio 2013 it’s likely tied to the type of MSDN Subscription you have – whether you have assigned a perpetual license of not.  Whether or not Visual Studio carries a Product Key/perpetual license seems to depend on the type of MSDN subscription.
  • If you don’t have an MSDN subscription, but have instead purchased a retail copy of Visual Studio 2015 when it becomes available, there should be a Product Key with the product.  A boxed product should have a Product Key on the media (or box) and a soft copy should have a key associated with it somehow (maybe it is mailed to you?).

Install Visual Studio 2015

Once you have acquired a Product Key, the next step is to install Visual Studio 2015.  I’ve chosen to evaluate Visual Studio 2015 Enterprise edition, which replaces Premium and Ultimate editions (they have been merged into a single SKU).

image  image image

There’s some different options in this new edition (when using a custom install), the options I selected to install will absorb over 24 GB of hard drive space.  Probably best you avoid installing VS 2015 o a netbook!  If you want to minimise the install vector, unselecting the Cross Platform Mobile Development saves a lot of space.

Registering Visual Studio 2015

Once the installation completes, you’ll be able to launch the Visual Studio 2015 IDE.  You’ll be taken through the usual “first time user” wizard, which establishes your development and UI preferences.  You can skip logging in with a Microsoft account by choosing “Not now..”.

image  image

Once the IDE loads, you can select “Register Product” from the Help menu:

image  image

Once the registration dialog appears, use the “License with a Product Key” option, and enter your Product Key with the popup window.

image   image

Note: you don’t have to be online for the process to complete, so it looks like a good option for offline installs.


None!  The normalised CamelCase menus are back by default.


A lightweight implementation OWIN OAuth for ASP.NET Web Forms using Visual Studio 2013 – Part 3


In Part 1, we had a brief look at OWIN/OAuth concepts, and then prepared a clean ASP.NET web forms project for integration with NuGet packages essential to supporting a lightweight integration for OAuth handling.

In Part 2  we established the information required to authenticate users against the Live Connect OAuth provider, and also established a debugging environment; it’s time for the meat of the article.

Finally, this article will demonstrate the code necessary to handle authenticated user identities.  I must stress that this is incredibly lightweight, and hopefully it will be clear what you need to consider if taking this approach to a new or existing project.

Note: This article was originally published at Sanders Technology, check here for updates to this article and related technical articles.

The Concept Applied

Let’s quickly take a look at what you’ll be implementing from a conceptual point of view.  What you’ll be doing is effectively redirecting your users to a third party.  Once they have successfully authenticated, they’ll return to your site (or app) with some sort of token or claim (query string based).

Your site or app will then exchange this information with the third party to validate it is correct and valid.  If this is successful, the third party will share a bit of information about this user with you, which you could use to tie to a local identity if you preferred.

Here’s the concept in diagram form:

How the OAuth process works

Armed with this knowledge, there are a few design decisions you’ll need to make.  The most obvious one is planning how you’ll handle those redirects back to your site or application, once a user has authenticated with their OAuth provider (in this article, Microsoft Live Connect/Live Accounts).

In Part 2, I briefly discussed the importance of the Redirect Domain when configuring the Live Application.  This is, in fact, the target URL that your users will be given, once they’ve authenticated.  This can be a basic URI or a specific page.  In any case, the target has to be able to handle the authentication tokens.

Enough theory, show me some code

The code to handle authentication is ridiculously simple and lightweight.  In fact, I’ve encapsulated the logic into a single class.  In my example, I’ve hardcoded the implementation to the Microsoft provider, but I’m positive you could easily write a more generic implementation which accepts multiple OAuth providers.

This class handles the following functionality:

  • Initiate authentication (redirect to oAuth provider)
  • Handle and process authentication result (from redirect URL)
  • Save/store or cache authentication results (for subsequent requests)
  • Return basic user information (if authenticated)
  • Clear or expire authentication details

using DotNetOpenAuth.AspNet; using DotNetOpenAuth.AspNet.Clients; using System; using System.Collections.Generic; using System.Linq; using System.Web; namespace YourNamespace { public static class AuthenticationHelper { /// <summary> /// Determines if a user is presently authenticated /// </summary> /// <returns>True if authenticated, else false</returns> public static bool IsAuthenticated() { var auth = //TODO: Retrieve authentication information from temp local store or cache if (auth != null && auth.IsSuccessful) { //NOTE: Hard coded to the Microsoft provider string userName = OAuthDataProvider.Instance.GetUserNameFromOpenAuth("microsoft",

auth.ProviderUserId); //TODO: verify user id is a valid user return true; } return false; } /// <summary> /// Returns the user name for the currently authenticated user /// </summary> /// <returns></returns> public static string GetUserName() { var auth = //TODO: Retrieve authentication information from temp local store or cache if (auth != null) { return auth.UserName; } return String.Empty; } /// <summary> /// Verifies the authentication from the various OpenId and OAuth services,

///returns generic Authentication Result in res variable. /// </summary> /// <returns>Authentication information (can be null)</</returns> public static AuthenticationResult VerifyAuthentication() { var ms = new MicrosoftClient("<YOUR CLIENT ID>", "<YOUR SECRET KEY>"); var manager = new OpenAuthSecurityManager(new HttpContextWrapper(HttpContext.Current), ms, OAuthDataProvider.Instance); var result = manager.VerifyAuthentication("<YOUR REDIRECT URI>"); if (result != null) { //TODO: Save authentication information to temp local store or cache } return result; } /// <summary> /// Starts the authentication process. User will be redirected away from the current page /// </summary> public static void Authenticate() { var ms = new MicrosoftClient("<YOUR CLIENT ID>", "<YOUR SECRET KEY>"); new OpenAuthSecurityManager(new HttpContextWrapper(HttpContext.Current), ms, OAuthDataProvider.Instance)
.RequestAuthentication("<YOUR REDIRECT URI>"); } /// <summary> /// Used to “unauthenticate” an authenticated user /// </summary> public static void Unauthenticate() { //TODO: Clear authentication information from temp local store or cache } } }

Class diagram views follow:

Class diagram view of the Authentication Handler

There is an additional class required to make use of the OpenAuthSecurityManager class – a concrete class which implements the IOpenAuthDataProvider interface.  Luckily, you don’t have much to implement for this to work successfully:

using DotNetOpenAuth.AspNet;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;

namespace WebApplication3
    public class OAuthDataProvider : IOpenAuthDataProvider
        public readonly static IOpenAuthDataProvider Instance = new OAuthDataProvider();

        public string GetUserNameFromOpenAuth(string openAuthProvider, string openAuthId)
            return openAuthId;

As you can see, I don’t even really do anything here, I’m just returning the provider-supplied value.  You could do much more with this, including your own application-specific formatting.


Class view of the OAuthDataProvider class

Taking a look at the runtime process

To illustrate how this all works, I’ve updated the “clean” example solution from Part 1.  I must stress, this is a very, very simple implementation, and should in no way be used in a Production website.  It’s simply to illustrate how lightweight the implementation can be.

The sample site has a master page with a simple user control on it.  This control reflects whether a user has authenticated or not, and provides a mechanism for initializing the authentication process (in short: a “login button).

I’ll now show you what the process looks like from a series of screenshots of the working solution.  In this example, I’ve made the modifications mentioned in Part 2, as I have aliased “” to my localhost (for debugging purposes).

I’ve also created a Live Application at the Live Connect site. Remember – you need the Client ID and Secret ID plus have set the correct Redirect URL for this to work.

The Process

To begin, I load the default page on the site.  Notice in the top left hand corner the fairly boring “[ Authenticate ]” button.  When I click the button, it redirects me to the Live Connect page to sign in with a Microsoft (formerly Live, formerly Passport) Account.

image    image
The default page / Authenticate to Microsoft

Once I have authenticated, the Microsoft site asks me to allow my application to access basic account data.

The user is prompted to authorise the application

Notice here that I have not supplied an application logo – doesn’t it look ugly and unprofessional?  Once the user clicks the “Yes” button, the Microsoft site redirects the user’s browser to the URI set in the Live Application’s settings – which must match the address specified in the code in your site or application.

In this case, the user’s browser is directed to (with additional data in the query string).  My login.aspx page handles the request and checks that the user is not already authenticated.

The Login.aspx event hander code

This page forces the “VerifyAuthentication” call, and checks again OnPreRender to see if validation worked or not.  If it is successful, the user is redirected to the default page.

Below is an example of some of the information retrieved with a successful authentication:

Successful authentication provides very basic information

The ProviderUserId can be used to uniquely identify the authenticated user, and also provides a “friendly name” which you can use for display purposes.

We’ve achieved the Zen like state of “authenticated”

The default page now displays a more friendly user experience, and provides a mechanism for “logging off”.

More on the “TODO” elements of this approach

Again, I can’t stress strongly enough that this is only a simple proof of concept.  I’ve specifically cut corners here to demonstrate how little is needed to implement OAuth support for authentication.

If you look at the sample solution, there are three values you need to supply:

public static class AuthenticationHelper
      private const string KEYID = "<YOUR KEY>";
      private const string SECRET = "<YOUR SECRET KEY>";
      private const string REDIRECT = "http(s)://<YOUR REDIRECT URL>";

At a minimum you should consider doing the following with your own website or application, up-front:

  • Determine your complete security and identity requirements
  • Decide if you want  to have user profiles “local” to your application, and whether you’ll map these identities to their Provider ID
  • Consider an approach to storing or looking up the authentication data
  • Decide how your site or application should handle:
    • Unauthenticated users
    • Authenticated users
    • The location of your “Redirect URL”
  • Decide if you want to integrate this into the ASP.NET Role Provider
  • Consider using HTTPS/SSL for some or all of your site/application

That’s just a start, this barely scratches the surface.

Summary and Download

Well, I think I’ve managed to cover off all the basics of a lightweight implementation of OAuth (OWIN) using ASP.NET.  To aid you, I’ve attached a copy of the “clean” ASP.NET web forms solution, with the authentication classes and the user control included.  I’ve personally tested the solution with real Application keys and it is working as depicted here.

It’s not a bad start if you are just looking for a very lightweight way to integrate OAuth as a mechanism for identifying users, and could obviously be extended or used to integrate into your existing authentication/authorisation mechanisms.

If you’ve had any issues or have general feedback, shoot me an email:

Sample Solution