Azure ACS 2.0 with Microsoft account on Windows 8

I am connecting Windows 8 to Windows Azure using an SSL connection. I am interested in verifying that the user is using my application for Windows 8, and not just a hacker using Fiddler.

Obviously, I cannot store the username and password inside C# code, and in this situation I would really like not to ask the user for the username and password each time the application is used (or ever, for that matter).

I looked at Azure ACS, but it looks like it is just for a single login, and the user needs to enter a username and password each time.

Anyway:

  • Use the default Microsoft account (which most users entered when installing Windows 8) with ACS?
  • Encrypt and save login information so that the user does not have to enter it each time?

Thanks!

+6
2 answers

About your requirement "I am interested in verifying that the user is using my application for Windows 8, and not just a hacker using Fiddler.", I'm not sure how deeply you are trying to protect your application; if others want to use your application in different ways, they will find a way, and if you think that using ACS or LiveSDK adds any security, I don't think so.

ACS or LiveSDK are ways to authenticate a specific user and then let them use your application. When an authentication token is provided to your application for a specific user, and you have no way to save and verify this information again, there is no difference between having ACS / LiveSDK authentication in your application or not. These OAuth-based services are just a way of authenticating the user, but you will need to write an extra layer of code to provide the user service.

It does not matter whether you use ACS / OAuth / or your own membership service, the user will need to enter a username and password in order to be checked from time to time. Based on the time and type of login, you can keep the user active for x amount of time, but the session will expire and the user will need to enter a username and password again. Storing a username and password locally to avoid re-entering credentials is not a good application design.

Now about your first question: you should use LiveSDK (not Azure ACS) to authenticate Live users (Hotmail, Live, SkyDrive and Outlook), since most services use these IDs in Windows 8, so using one of these will help your application become part of the same ecosystem. You can use this latest document to use the Live SDK in your application. If you use the Live SDK in your Windows 8 application, and the user uses the same Live ID for other applications in Windows 8 and logs in before your application, your application will already have a live session; whether it can use it depends on the Live ID and application settings,

About your second question, "Encrypt and store user login information so that the user does not have to enter login information each time?": I don't know why you need it. First of all, no OAuth service will give you user credentials, except for a username, which you can save to check whether the user is visiting again and which you can use to make sure that he is the right user. You need to store this information in the cloud, and then after authentication do whatever you want.

+2

Take a look at the sample credential store for modern Windows 8 applications - http://code.msdn.microsoft.com/windowsapps/PasswordVault-f01be74a . This is not Azure ACS, but it will hopefully help you solve the problem. PasswordVault is a new API (Windows.Security.Credentials.PasswordVault), based on the identification functions that we saw in .NET 3. It allows you to safely store the credentials of a remote application in the OS, in a secure store, and dynamically access them within your application. The user still has full control over the store and can delete data using the control panel if they so wish. This is currently how most modern applications store data such as OAuth tokens for remote service calls, for example Twitter.

This will only work for third-party identifiers. If you want to use a Microsoft account, follow the instructions above and see the LiveSDK.

+2
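A worked example of the PasswordVault pattern the answer above describes, added here; it is not code from the answer or from the linked MSDN sample. It stores only an OAuth token (never the user's password) in the OS credential locker, and the class name, the resource string and the method names are my own assumptions:

```csharp
using System;
using System.Linq;
using Windows.Security.Credentials;

// Hypothetical helper: keeps a remote service's OAuth token in the OS credential
// locker so the user is not prompted at every launch. Only the token is stored;
// the user's password never touches the app.
public static class TokenStore
{
    // Resource name scopes the credential to this app's remote service (placeholder).
    private const string Resource = "MyApp.ExampleService";

    public static void Save(string userName, string token)
    {
        var vault = new PasswordVault();
        // Remove any previous token for this user so only the current one remains.
        foreach (var old in FindForUser(userName))
            vault.Remove(old);
        vault.Add(new PasswordCredential(Resource, userName, token));
    }

    // Returns null when nothing is stored; note that vault.Retrieve() throws instead.
    public static string Load(string userName)
    {
        var cred = FindForUser(userName).FirstOrDefault();
        if (cred == null) return null;
        cred.RetrievePassword();   // the secret is only decrypted on demand
        return cred.Password;
    }

    // Call this on sign-out or when the service rejects the token.
    public static void Clear(string userName)
    {
        var vault = new PasswordVault();
        foreach (var cred in FindForUser(userName))
            vault.Remove(cred);
    }

    private static PasswordCredential[] FindForUser(string userName)
    {
        try
        {
            return new PasswordVault().FindAllByResource(Resource)
                .Where(c => c.UserName == userName).ToArray();
        }
        catch (Exception)
        {
            // FindAllByResource throws when the resource has no entries at all.
            return new PasswordCredential[0];
        }
    }
}
```

The token should be short-lived or revocable server-side, since the user (or anything running as the user) can read the locker through the control panel, as the answer notes.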

Source: https://habr.com/ru/post/925762/
