With Ticket Tokens, you no longer have to depend on MSPAuth to perform contact-list-related commands. This means you can make changes without having to log in to the service network: you simply go through the first login steps (VER, CVR, USR) and the SSO process, without having to reply to the USR.
Security Token Request
You must add the following request when authenticating with SSO:
<wst:RequestSecurityToken Id="RST#">
  <wst:RequestType>http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue</wst:RequestType>
  <wsp:AppliesTo>
    <wsa:EndpointReference>
      <wsa:Address>contacts.msn.com</wsa:Address>
    </wsa:EndpointReference>
  </wsp:AppliesTo>
  <wsse:PolicyReference URI="?fs=1&amp;id=24000&amp;kv=9&amp;rn=93S9SWWw&amp;tw=0&amp;ver=2.1.6000.1"></wsse:PolicyReference>
</wst:RequestSecurityToken>
This assumes you already know how to log in. Replace # with the number corresponding to your security token request. As you can see, the referenced site is contacts.msn.com, which gives you the token you can use to perform changes or get lists.
The reply will look something like this:
<wst:RequestedSecurityToken>
  <wsse:BinarySecurityToken Id="Compact#">t=RwyZZAkmFsHiK+GCv...&amp;p=</wsse:BinarySecurityToken>
</wst:RequestedSecurityToken>
The given ticket can be used for any SOAP request related to contacts.msn.com (e.g. membership lists, address book, updates, changes, etc.).
How To Use The Ticket Token
As I said, you are no longer forced to send MSPAuth as a cookie in the POST request; you can use TicketToken instead, in the following way, after the ABAuthHeader in the body of the SOAP request:
<ABAuthHeader xmlns="http://www.msn.com/webservices/AddressBook">
  <ManagedGroupRequest>false</ManagedGroupRequest>
  <TicketToken>t=RwyZZAkmFsHiK+GCv...&amp;p=</TicketToken>
</ABAuthHeader>
If the ticket token is accepted, you will receive a 200 OK message and the request will succeed. If not, Error 7 will be returned, along with a 501 internal server error reporting an invalid or wrong Token String MBI.
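The two steps above (reading the ticket out of the reply, then placing it in ABAuthHeader), as an added Python example that is not part of the original page. The sample reply, its `urn:example` namespace URIs, the token values and the helper names are constructed, and it assumes the reply's `Compact#` Id carries the same number as the request's `RST#`.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

AB_NS = "http://www.msn.com/webservices/AddressBook"  # namespace shown on the page

# Constructed sample reply: wrapper element, namespace URIs and tokens are made up.
SAMPLE_REPLY = (
    '<Reply xmlns:wst="urn:example:wst" xmlns:wsse="urn:example:wsse">'
    "<wst:RequestedSecurityToken>"
    '<wsse:BinarySecurityToken Id="Compact1">t=CONSTRUCTED+A&amp;p=</wsse:BinarySecurityToken>'
    "</wst:RequestedSecurityToken>"
    "<wst:RequestedSecurityToken>"
    '<wsse:BinarySecurityToken Id="Compact2">t=CONSTRUCTED+B&amp;p=</wsse:BinarySecurityToken>'
    "</wst:RequestedSecurityToken>"
    "</Reply>"
)

def extract_ticket(reply_xml, rst_number):
    """Return the decoded ticket from the BinarySecurityToken with Id Compact<rst_number>."""
    wanted = f"Compact{rst_number}"
    for el in ET.fromstring(reply_xml).iter():
        # Match on the local name so the code does not depend on namespace URIs.
        if el.tag.rsplit("}", 1)[-1] == "BinarySecurityToken" and el.get("Id") == wanted:
            ticket = (el.text or "").strip()
            if not ticket.startswith("t="):
                raise ValueError("unexpected ticket format")
            return ticket
    raise LookupError(f"no token with Id {wanted}")

def build_ab_auth_header(ticket):
    """Serialize ABAuthHeader; the '&' in the ticket is escaped to keep the XML well-formed."""
    return (
        f'<ABAuthHeader xmlns="{AB_NS}">'
        "<ManagedGroupRequest>false</ManagedGroupRequest>"
        f"<TicketToken>{escape(ticket)}</TicketToken>"
        "</ABAuthHeader>"
    )

def redact(ticket, keep=6):
    """Shortened form for logs: whoever holds the ticket can make contacts.msn.com requests."""
    return ticket[:keep] + "...[redacted]"

if __name__ == "__main__":
    ticket = extract_ticket(SAMPLE_REPLY, 2)
    print("ticket:", redact(ticket))
    print(build_ab_auth_header(ticket))
```

The parser hands back the ticket with a literal `&`, so it has to be escaped again when it is written into the SOAP request; logging only the redacted form keeps the full ticket out of log files.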