I’ve been working through the certification series for Windows Store applications, and I’m currently studying for 70-484 (Essentials of Developing Windows Store Apps using C#). As with all new certifications, there isn’t a whole lot of study material much beyond poking around in Visual Studio and reading the documentation. I’ve included some directed links to MSDN articles that align with the Skills Measured by this exam. Today we’ll dive into Managing Security and Data and look at the difference between Web Authentication and Windows Authentication in Windows Store apps.

WebAuthenticationBroker - Supports OAuth and OpenID in Windows 8 apps

  1. How WebAuthenticationBroker works: http://msdn.microsoft.com/en-us/library/windows/apps/hh750286.aspx
  2. Requirements for a Provider to Support SSO

For Windows Store app developers to take advantage of the SSO mode of the Web authentication broker, a provider needs to do the following.

  • Allow URLs of the form ms-app://SID, where SID is the user's SID.
  • Instruct app developers to call the version of AuthenticateAsync that does not specify a redirectURL. If provider supplies an SDK for Windows Store app development, that SDK should use this overload as well.

Pasted from <http://msdn.microsoft.com/en-us/library/windows/apps/jj856909.aspx>

PasswordCredentialStore

  1. Managing user credentials - http://msdn.microsoft.com/en-us/library/windows/apps/xaml/br229572.aspx
    1. PasswordVault can securely store credentials
    2. PasswordCredential just returns resource and userName - retreivePassword is required first

 

For more details about secure development for Windows Store applications check out this blog post with more great practices along with a whitepaper from MSDN.