Advanced Windows Store Apps Development – II  Authenticate using Windows Live Authentication  Authenticate using Web authentication protocols  Explain and use Group Policies © Aptech Ltd Managing Windows and Web Authentication/Session Authentication is the process of determining the identity of a user based on the user credentials Once the authentication is done, then, the authorization process starts Authorization means deciding which resources can be used by the current user and accordingly allowing access rights to the currently logged in user The Windows Store app allows Live ID authentications using one of the following Live ID providers: Microsoft Account Facebook Login Twitter Login Google Login Windows Azure Active Directory (WAAD) © Aptech Ltd Managing Windows and Web Authentication/Session In Windows 8, login screen appears as shown in figure It shows the Windows authentication page using Microsoft Account Live ID © Aptech Ltd Managing Windows and Web Authentication/Session Managing Windows Authentication  CredentialLocker is one of the best options available for the user authentication in Windows  CredentialLocker can be used to store the credentials of a user over the cloud  Microsoft has also revealed many sign in options for the password Users can set their password through a Personal Information Number (PIN) or they can set the same through a picture password In order to set your picture password or PIN: Swipe from the right side of your screen and click Settings or drag your cursor to the bottom-right corner of the screen Click Change PC settings Under Account navigate to Sign-in options © Aptech Ltd Managing Windows and Web Authentication/Session 5 From this screen, you can change your password, PIN, or picture password Following figure shows the Account Details page with Sign-in options © Aptech Ltd Managing Windows and Web Authentication/Session What is Credential Manager? Credential Manager allows you to store user names and passwords that you use to log on to Websites or other computers Windows can automatically log you on to Websites or other computers by storing the credentials on local machine or on a cloud To Store passwords, certificates, and other credentials for automatic logon • Credential Manager can be used to store credentials, such as user names and passwords that can be used to log on to Websites or other computers To add a password to Windows vault • Open User Accounts from the Start menu, click Control Panel  User Accounts, in the left pane, click Manage your credentials Click Add a Windows credential In the Internet or network address box, type the name of the computer that you want to access • This can be the NetBIOS name or DNS name • Enter the username and password and click OK © Aptech Ltd Managing Windows and Web Authentication/Session What is CredentialLocker? • The CredentialLocker provides a way to store user credentials in a secure way for your app • It is available in Windows.Security.Credentials namespace • CredentialLocker encrypts and saves the credentials locally • CredentialLocker is used to simplify this task in Windows and higher versions • The Locker allows applications to store and retrieve user’s credentials in a secure way • CredentialLocker can be accessed using WinRT PasswordVault class This class allows adding, retrieving, and removing credentials from the locker • LiveAuthClient class is also used to retrieve the session data from Microsoft account © Aptech Ltd Managing Windows and Web Authentication/Session There are two types of storage mechanism used by CredentialLocker: Secured storage Roaming credentials The great benefit that CredentialLocker offers for the app is that, it is used to store the credentials in a secured area by encrypting the credentials before they are stored CredentialLocker provides benefits to the user in many ways One of them is that, when the device is in roaming profile, the app stores credentials over the cloud Many times, the user makes a mistake of storing the credentials in plain text format while developing the app This leads to a security hole in the app © Aptech Ltd So, whenever the user is logged in to the device, it can be authenticated from anywhere as the device is connected to the cloud Managing Windows and Web Authentication/Session How to add Authentication Details in a CredentialLocker? A CredentialLocker can be used easily in two steps to access the authentication information First, use the PasswordVault class and second, use PasswordCredential class An instance of PasswordVault class will have a method called Add() which can be used to add the credentials to the CredentialLocker Following Code Snippet shows how to create an instance of the PasswordVault and how to add the credentials inside it Code Snippet: var vlt = new Windows.Security.Credentials.PasswordVault(); vlt.Add(new Windows.Security.Credentials.PasswordCredential(“My App”, username, password)); © Aptech Ltd Managing Windows and Web Authentication/Session 10  The user can store the password in the system through the password history The users can set their own values to store password as shown in figure © Aptech Ltd Managing Windows and Web Authentication/Session 20  The user can also lock the system for protecting them from unauthorized access To set the policy, the user has to navigate to Account Lockout Policy as shown in figure © Aptech Ltd Managing Windows and Web Authentication/Session 21  The user can set the number of password attempts that can be made, so that the system will automatically lock when it reaches the limit as shown in figure © Aptech Ltd Managing Windows and Web Authentication/Session 22 Live Authentication To connect the store app over the Internet or through cloud, the user has to install the Live SDK from Microsoft Next few sections will walk you through the steps involved in live authentication In order to enable Microsoft Account Live ID, the user has to set the Packaging information of the app from the Package.appxmanifest file as shown in figure © Aptech Ltd Managing Windows and Web Authentication/Session 23 Once the packing information is provided, the user can add Live SDK reference installed in the system through the Reference Manager as shown in figure © Aptech Ltd Managing Windows and Web Authentication/Session 24 From the Windows Extensions, the user has to select Live SDK from the listed libraries in Reference Manager as shown in figure Figure shows how to select the Live SDK from extension library Once the library is added, the user can view it in the References folder of the Solution Explorer as shown in figure © Aptech Ltd Managing Windows and Web Authentication/Session 25 To connect the cloud service, the user has to write the UI code given in following Code Snippet Code Snippet: © Aptech Ltd Managing Windows and Web Authentication/Session 26 To connect to the cloud service, the user has to write the code given in following Code Snippet Code Snippet: using using using using using using using using using using using using using using using © Aptech Ltd System; System.Collections.Generic; System.IO; System.Linq; Windows.Foundation; Windows.Foundation.Collections; Windows.UI.Xaml; Windows.UI.Xaml.Controls; Windows.UI.Xaml.Controls.Primitives; Windows.UI.Xaml.Data; Windows.UI.Xaml.Input; Windows.UI.Xaml.Media; Windows.UI.Xaml.Navigation; Microsoft.Live; Microsoft.Live.Controls; Managing Windows and Web Authentication/Session 27 Code Snippet (Cont.): namespace Liveconnection { public sealed partial class MainPage : Page { public MainPage() { this.InitializeComponent(); } protected override void OnNavigatedTo(NavigationEventArgs e) { } private async void btnSignin_SessionChanged_2(object sender, LiveConnectSessionChangedEventArgs e) { try { LiveAuthClient liveAuthClient; LiveLoginResult liveLoginResult; liveAuthClient = new LiveAuthClient(“{Please add your redirect url here}”); liveLoginResult = await liveAuthClient.LoginAsync(new string[] { “wl.signin”, “wl.basic” }); © Aptech Ltd Managing Windows and Web Authentication/Session 28 Code Snippet (Cont.): if (liveLoginResult.Session != null && liveLoginResult.Status == LiveConnectSessionStatus.Connected) { LiveConnectClient client = new LiveConnectClient(liveLoginResult.Session); LiveOperationResult operationResult = await client.GetAsync(“me”); dynamic results = operationResult.Result; lblWelcome.Text = “Welcome “ + results.name; btnSignin.Content = “Sign out”; } else throw new Exception(); } catch (Exception ex) { lblWelcome.Text = ex.Message; } } } } © Aptech Ltd Managing Windows and Web Authentication/Session 29 Once the code is written, the users have to navigate to Project  Store  Associate App with the Store as shown in figure © Aptech Ltd Managing Windows and Web Authentication/Session 30 After selection of the menu is done as shown in figure, the user has to select the app and click Next as shown in figure © Aptech Ltd Managing Windows and Web Authentication/Session 31 As the app is associated with the app, the user can now execute the code The output will be displayed as shown in figure The user has to provide the credentials in order to login over the cloud © Aptech Ltd Managing Windows and Web Authentication/Session 32 After successful login, the user will receive the output as shown in figure © Aptech Ltd Managing Windows and Web Authentication/Session 33 In Windows 8.1, users can create their own credentials to login their devices Once the setting is saved, it will automatically be loaded in the device from the cloud whenever the device is reset or reinstalled The benefit of using CredentialLocker for the app is that, it can be used to store the credentials in a secured area by encrypting it before they are stored To connect the store app over the Internet or through cloud, the user must install the Live SDK from Microsoft In Windows, Group Policy is available with Windows Pro and Windows 8.1 Enterprise edition © Aptech Ltd Managing Windows and Web Authentication/Session 34 ... }); if (liveLoginResult .Session != null && liveLoginResult.Status == LiveConnectSessionStatus.Connected) { LiveConnectClient client = new LiveConnectClient(liveLoginResult .Session) ; LiveOperationResult... x:Name=”btnSignin” Scopes=”wl.signin wl.basic” SessionChanged=”btnSignin_SessionChanged_2” /> © Aptech Ltd Managing Windows and Web Authentication /Session 26 To connect to the cloud service,... Ltd Managing Windows and Web Authentication /Session 28 Code Snippet (Cont.): if (liveLoginResult .Session != null && liveLoginResult.Status == LiveConnectSessionStatus.Connected) { LiveConnectClient