Tuesday, March 06, 2007

There's been a good deal of interest in my last post, How to Use Windows CardSpace with ASP.NET Forms Authentication. I recently went back and reviewed the screencast and noticed that I mistakenly stored the private personal identifier rather than the unique identifier.

If you're using my code as an example, you need to make some minor tweaks:

  1. In Link.aspx.cs, replace the token.Claims property usage with token.UniqueID on line 32
  2. In Login.aspx.cs, replace the token.Claims property usage with token.UniqueID on line 28

Technically you can leave the database changes alone and still use the field named PPID, but it may be desirable to refactor the database and the stored procedure names to reflect the storage of a unique identifier rather than the private personal identifier.

In short, you want to rely upon the unique identifier rather than the private personal identifier for a number of security reasons. Vittorio Bertocci does a great job of explaining the details about why you want to use the UniqueID rather than the PPID in his post UniqueID and PPID.

Tuesday, March 06, 2007 12:05:14 PM (Central Standard Time, UTC-06:00)