Advanced Windows Store Apps Development – II


 Authenticate using Windows Live Authentication
 Authenticate using Web authentication protocols
 Explain and use Group Policies

© Aptech Ltd.

Managing Windows and Web Authentication/Session 5

2


Authentication is the process of determining the identity of a user based on the user credentials.
Once the authentication is done, then, the authorization process starts.
Authorization means deciding which resources can be used by the current user and accordingly
allowing access rights to the currently logged in user.
The Windows Store app allows Live ID authentications using one of the following Live ID providers:

Microsoft Account
Facebook Login
Twitter Login
Google Login
Windows Azure Active Directory (WAAD)

© Aptech Ltd.

Managing Windows and Web Authentication/Session 5

3

In Windows 8, login screen appears as shown in figure. It shows the Windows authentication
page using Microsoft Account Live ID.

© Aptech Ltd.

Managing Windows and Web Authentication/Session 5

4


Managing Windows Authentication
 CredentialLocker is one of the best options available for the user
authentication in Windows 8.
 CredentialLocker can be used to store the credentials of a user
over the cloud.
 Microsoft has also revealed many sign in options for the password. Users
can set their password through a Personal Information Number (PIN) or
they can set the same through a picture password.
In order to set your picture password or PIN:
Swipe from the right side of your screen and click Settings or drag your cursor to
the bottom-right corner of the screen.

Click Change PC settings.

Under Account navigate to Sign-in options.
© Aptech Ltd.

Managing Windows and Web Authentication/Session 5


5


From this screen, you can change your password, PIN, or picture password. Following figure shows
the Account Details page with Sign-in options.

© Aptech Ltd.

Managing Windows and Web Authentication/Session 5

6


What is Credential Manager?
Credential Manager allows you to store user names and passwords that you use to log on to
Websites or other computers. Windows can automatically log you on to Websites or other
computers by storing the credentials on local machine or on a cloud.

To Store passwords, certificates, and other credentials for automatic logon
• Credential Manager can be used to store credentials, such as user names and
passwords that can be used to log on to Websites or other computers.
To add a password to Windows vault
• Open User Accounts from the Start menu, click Control Panel  User Accounts,
in the left pane, click Manage your credentials. Click Add a Windows credential.
In the Internet or network address box, type the name of the computer that you
want to access.
• This can be the NetBIOS name or DNS name.
• Enter the username and password and click OK.
© Aptech Ltd.


Managing Windows and Web Authentication/Session 5

7


What is
CredentialLocker?

• The CredentialLocker provides a way to store user credentials in a
secure way for your app.
• It is available in Windows.Security.Credentials namespace.
• CredentialLocker encrypts and saves the credentials locally.
• CredentialLocker is used to simplify this task in Windows 8 and higher
versions.
• The Locker allows applications to store and retrieve user’s credentials in a
secure way.
• CredentialLocker can be accessed using WinRT PasswordVault
class. This class allows adding, retrieving, and removing credentials from the
locker.
• LiveAuthClient class is also used to retrieve the session data from
Microsoft account.

© Aptech Ltd.

Managing Windows and Web Authentication/Session 5

8



There are two types of storage mechanism used by CredentialLocker:

Secured storage

Roaming credentials

The great benefit that
CredentialLocker offers for the
app is that, it is used to store the
credentials in a secured area by
encrypting the credentials before
they are stored.

CredentialLocker
provides
benefits to the user in many ways.
One of them is that, when the
device is in roaming profile, the app
stores credentials over the cloud.

Many times, the user makes a mistake
of storing the credentials in plain text
format while developing the app. This
leads to a security hole in the app.

© Aptech Ltd.

So, whenever the user is logged in
to the device, it can be
authenticated from anywhere as the

device is connected to the cloud.

Managing Windows and Web Authentication/Session 5

9


How to add Authentication Details in a CredentialLocker?

A CredentialLocker can be used easily in two steps to access the authentication information.
First, use the PasswordVault class and second, use PasswordCredential class. An instance
of PasswordVault class will have a method called Add() which can be used to add the
credentials to the CredentialLocker.

Following Code Snippet shows how to create an instance of the PasswordVault and how to add
the credentials inside it.
Code Snippet:

var vlt = new Windows.Security.Credentials.PasswordVault();
vlt.Add(new Windows.Security.Credentials.PasswordCredential(“My
App”, username, password));

© Aptech Ltd.

Managing Windows and Web Authentication/Session 5

10


Retrieving User Credentials

You have several options for retrieving user credentials from the CredentialLocker after you
have a reference to the PasswordVault object. You can retrieve all the credentials the user has
supplied for your app in the locker with the PasswordVault.RetrieveAll() method. If
you know the username for the stored credentials, you can retrieve all the credentials for that
username with the PasswordVault.FindAllByUserName() method.
Following Code Snippet shows how to retrieve login credentials using CredentialLocker.
Code Snippet:
private string resName = “MyStoreApp”;
private string defaultUName;
private void Login()
{
var loginCredl = GetCredFromLocker();
if (loginCredl != null)
{
loginCredl.RetrievePassword();
}
else
© Aptech Ltd.

Managing Windows and Web Authentication/Session 5

11


Code Snippet (Cont.):
loginCredl = GetLoginCredentialUI();
}ServerLogin(loginCredl.UserName, loginCredl.Password);
}private Windows.Security.Credentials.PasswordCredential GetCredFromLocker()
{
Windows.Security.Credentials.PasswordCredential cred = null;

var vlt = new Windows.Security.Credentials.PasswordVault();
var credList = vault.FindAllByResource(resName);
if (credList.Count > 0)
{
if (credList.Count == 1)
{
cred = credentialList[0];
}
else
{
defaultUName = GetDefaultUserNameUI();
cred = vlt.Retrieve(resName, defaultUName);
} }
return cred;
}
© Aptech Ltd.

Managing Windows and Web Authentication/Session 5

12


Managing Web Authentication:
Windows Store Apps allows Web Authentication using Live SDK. To connect the store app over the
Internet or through cloud, the user must download and install the Live SDK from Microsoft. Once
it is installed, it can be referred to by the app using the Reference Manager available in the
Solution Explorer. It can be downloaded from Microsoft Website.
Following figure shows the Reference Manager-Live Connection window.

© Aptech Ltd.


Managing Windows and Web Authentication/Session 5

13


As the Live SDK is added, the user can view the reference added to the solution, as shown in figure.

© Aptech Ltd.

Managing Windows and Web Authentication/Session 5

14


Following Code Snippet shows how to connect the app over the cloud. Using this code, user can
connect to cloud and retrieve or store the authentication information in the PasswordVault.
Code Snippet:
private async void btnSignin_SessionChanged_2(object sender,
LiveConnectSessionChangedEventArgs e) {
try {
LiveAuthClient liveAuthClient; LiveLoginResult liveLoginResult;
liveAuthClient = new LiveAuthClient(“{Please add your redirect url here}”);
liveLoginResult = await liveAuthClient.LoginAsync(new string[] {
“wl.signin”, “wl.basic” });
if (liveLoginResult.Session != null && liveLoginResult.Status ==
LiveConnectSessionStatus.Connected)
{
LiveConnectClient client = new LiveConnectClient(liveLoginResult.Session);
LiveOperationResult operationResult = await client.GetAsync(“me”);

dynamic results = operationResult.Result;
lblWelcome.Text = “Welcome “ + results.name;
btnSignin.Content = “Sign out”;
} else {
throw new Exception(); }}
catch (Exception ex) {
lblWelcome.Text = ex.Message; }}
© Aptech Ltd.

Managing Windows and Web Authentication/Session 5

15


The Group Policy is an essential portion of the operating system. Group policies are most useful but
complex tools available in any operating system. These are the rules that can be applied to users
having same profiles. Using group policies, user can set the passwords, privileges or user limits. In
Windows 8, group policy is available with Windows 8 Pro. In Windows 8.1, Enterprise edition have
group policy option.
Implementing Password Group Policy
The group policy can limit their password stored in the Windows. To open the Group Policy Editor,
the user has to press the Win + R for the Run command. Type gpedit.msc and click OK as shown
in figure.

© Aptech Ltd.

Managing Windows and Web Authentication/Session 5

16



 When the user clicks OK, the Group Policy Editor window is displayed as shown in figure.

© Aptech Ltd.

Managing Windows and Web Authentication/Session 5

17


 Security Settings can be used to set the password policy for a group. To do so, navigate to
the Security Settings to set the password policy as shown in figure.

© Aptech Ltd.

Managing Windows and Web Authentication/Session 5

18


 Once the Security Settings are opened, Password Policy node can be seen. Navigate to
Password Policy and double-click the Enforce password history as shown in figure.

© Aptech Ltd.

Managing Windows and Web Authentication/Session 5

19



 The user can store the password in the system through the password history. The users can
set their own values to store password as shown in figure.

© Aptech Ltd.

Managing Windows and Web Authentication/Session 5

20


 The user can also lock the system for protecting them from unauthorized access. To set the
policy, the user has to navigate to Account Lockout Policy as shown in figure.

© Aptech Ltd.

Managing Windows and Web Authentication/Session 5

21


 The user can set the number of password attempts that can be made, so that the system
will automatically lock when it reaches the limit as shown in figure.

© Aptech Ltd.

Managing Windows and Web Authentication/Session 5

22



Live Authentication
To connect the store app over the Internet or through cloud, the user has to install the Live
SDK from Microsoft. Next few sections will walk you through the steps involved in live
authentication. In order to enable Microsoft Account Live ID, the user has to set the Packaging
information of the app from the Package.appxmanifest file as shown in figure.

© Aptech Ltd.

Managing Windows and Web Authentication/Session 5

23


Once the packing information is provided, the user can add Live SDK reference installed in
the system through the Reference Manager as shown in figure.

© Aptech Ltd.

Managing Windows and Web Authentication/Session 5

24


From the Windows Extensions, the user has to select Live SDK from the listed libraries in
Reference Manager as shown in figure.
Figure shows how to select the Live SDK from extension library.
Once the library is added, the user can view it in the References folder of the Solution
Explorer as shown in figure.

© Aptech Ltd.


Managing Windows and Web Authentication/Session 5

25