# Table of contents:
# Introduction
USR
is a command introduced with
MSNP2.
The command exists in all services, without a request or response payload.
Specifies a user that wants to authenticate to the service. For the command that is used when sending this to a Dispatch Server, read XFR.
This command can only be sent once. Any further uses of this command in the same session is Undefined Behaviour.
# Client/Request
# Dispatch Server or Notification Server
# The Initial request
USR TrID security-package I user-handle
Depending on the version of the protocol you are using,
security-package
can be:
-
CTP: Clear Text Password. Only in MSNP2. -
MD5: MD5-based authentication. Only in MSNP2 to MSNP7. -
TWN: "Tweener", Passport 1.4 or compatible authentication service. Since MSNP8. -
SSO: Single Sign On, usually a more advanced Passport 3.0 authentication method. Since MSNP15.
# The Subsequent request
USR TrID security-package S {...response-args}
Where
response-args
can be anything, but based on
security-package
it can be:
-
CTP: Your password in plain text. -
MD5: The server's login challenge concatenated with your password. -
TWN: Thefrom-PPparameter in theAuthentication-Infoheader sent in response to Passport 1.4, or if using Passport 3.0, the<wsse:BinarySecurityToken>of the relevant<wst:RequestSecurityTokenResponse>. -
SSO: The same as Passport 3.0 inTWN, but with the extra parameter being the custom challenge response encoded as base64.
# Switchboard Server
USR TrID user-handle cookie
Where
user-handle
is your current user handle.
Where
cookie
is the relevant parameter given from
XFR
or
RNG.
# Server/Response
# Dispatch Server or Notification Server
# Requesting a Subsequent action
USR TrID OK security-package S {...challenge}
Where
challenge, based on the
security-package
is:
-
CTP: Nothing. This parameter is omitted. -
MD5: The login challenge to concatenate with your password. -
TWN: The Passport login parameters. -
SSO: The Passport login policy and a base64-encoded key.
# Successfully authenticated
USR TrID OK user-handle {friendly-name} {verified} {account-restricted}
Where
OK
is always
OK.
Where
user-handle
is your user handle.
Where
friendly-name
is your current Friendly Name. Removed in
MSNP10.
Where
verified
is the account's verification status,
where 0 is unverified, and 1 is verified. Added since
MSNP6.
Where
account-restricted
is the account's restricted status,
where 0 is unrestricted, and 1 is restricted. Added since
MSNP8.
If this is set, the Client may log out automatically and ask to use MSN Explorer.
# Switchboard Server
USR TrID OK user-handle friendly-name
Where
user-handle
is your current user handle.
Where
friendly-name
is your current friendly name.
# Examples
# Notification Server
# Using CTP
Only in MSNP2.
C: USR 1 CTP I example@hotmail.com
S: USR 1 CTP S
C: USR 2 CTP S password
S: USR 2 OK example@hotmail.com example%20user
# Using MD5
C: USR 3 MD5 I example@hotmail.com
S: USR 3 MD5 S 1234567890.123456789
C: USR 4 MD5 S f59af8f2fa91d38aff7c870c17f99903
S: USR 4 OK example@hotmail.com example%20user 1
# Using TWN
Since MSNP8.
C: USR 5 TWN I example@hotmail.com
S: USR 5 TWN S passport=parameters,neat=huh,lc=1033,id=507
The HTTPS interlude has been moved to the Passport 1.4 article.
C: USR 6 TWN S t=token&p=profile
S: USR 6 OK example@hotmail.com example%20user 1 0
# Using SSO
Since MSNP15.
NOTE: This has been line-breaked.
Lines beginning with
..
followed by a space are continuations of the previous line.
C: USR 7 SSO I example@hotmail.com
S: USR 7 SSO S MBI_KEY_OLD AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
The HTTPS and key-encryption interlude has been removed from here and is to reinstated as two seperate pages.
C: USR 8 SSO S t=ticket HAAAAAEAAAADZgAABIAAAAgAAAAUAAAASAAAAAAAAA
.. AAAAAA7XgT5ohvaZdoXdrWUUcMF2G8OK2JohyYcK5l5M
.. JSitab33scxJeK/RQXcUr0L+R2ZA9CEAzn0izmUzSMp
.. 2LZdxSbHtnuxCmptgtoScHp9E26HjQVkA9YJxgK/HM=
S: USR 8 OK example@hotmail.com
# Invalid username or password
C: USR 9 TWN I example@hotmail.com
S: USR 9 TWN S passport=parameters,neat=huh,lc=1033,id=507
C: USR 10 TWN S t=not*a*passport*ticket&p=not*a*profile*either
S: 911 10
Server disconnects client.
# Child account not authorized
Since MSNP4.
C: USR 11 MD5 I example@hotmail.com
S: USR 11 MD5 S 1234567890.123456789
C: USR 12 MD5 S f59af8f2fa91d38aff7c870c17f99903
S: 923 12
Server disconnects client.
# Account not verified
# Hard block
Since MSNP5.
NOTE: This will show the Account Verification dialog.
C: USR 13 MD5 I example@hotmail.com
S: USR 13 MD5 S 1234567890.123456789
C: USR 14 MD5 S f59af8f2fa91d38aff7c870c17f99903
S: 924 14
Server disconnects client.
# Soft warning
Since MSNP6.
C: USR 15 MD5 I example@hotmail.com
S: USR 15 MD5 S 1234567890.123456789
C: USR 16 MD5 S f59af8f2fa91d38aff7c870c17f99903
S: USR 16 OK example@hotmail.com example%20user 0
# Account restricted
Since MSNP8.
NOTE: This will automatically log you out and force you to use MSN Explorer instead.
C: USR 17 TWN I example@hotmail.com
S: USR 17 TWN S passport=parameters,neat=huh,lc=1033,id=507
C: USR 18 TWN S t=token&p=profile
S: USR 18 OK example@hotmail.com example%20user 1 1
Client disconnects from server.
# Wrong server for this account
C: USR 19 TWN I example@hotmail.com
S: 931 19
Server disconnects client.
# Switchboard Server
C: USR 20 example@passport.com 1234567890.1234567890.1234567890
S: USR 20 OK example@passport.com example%20user