Archives For Windows Phone 7

The last time I talked to you about Windows Phone security, I showed you how to encrypt your data and save it in Isolated Storage using Silverlight’s AesManaged class to create a Key and an Initialization Vector (IV) based on a password and salt value.  This gave your consumer and line-of-business apps the iron-clad AES 256 encryption they needed to secure sensitive data.  While this made 3rd-party Windows Phone apps the most secure in the industry, users had to deal with the hassle of entering their credentials each time they launched their secure app. 

The reason users had to reenter their credentials each time is because there was no secure way to store those credentials or the key in Isolated Storage.  Having the unencrypted credentials used to create the key sitting next to the encrypted data is the same as having no security at all.  With the launch of Mango, all this has changed.

Windows Phone 7.5 gives us the Data Protection API (DPAPI) which makes it easy to encrypt and decrypt data.  It pulls this off by generating and storing a key based on the user and phone credentials.  Oh, and it gets its own decryption key, which is created the first time you run the app that’s doing the encrypting. 

Using the ProtectedData class, it’s as simple as calling the Protect method to turn an unencrypted byte array into an encrypted one.  On the flip side, you call the Unprotect method to convert an encrypted byte array into an unencrypted one.  In cases where the data stays on the phone, this may take care of all of your encryption needs and you won’t necessarily have to jump through all the AesManaged hoops I had you jump through back before we launched Windows Phone 7.  On the other hand, if you want to encrypt data on Windows Phone, send it over a network and decrypt it on a server or other endpoint, you need to stick with the stuff I taught you before.

Below is a snippet of code that shows you how to encrypt the password and salt values needed to create a key with the AesManaged class:

using System.Security.Cryptography;
using System.Text; // Encoding lives here

//Convert Password and Salt values to byte[] arrays
byte[] PasswordByte = Encoding.UTF8.GetBytes(Password.Text);
byte[] SaltByte = Encoding.UTF8.GetBytes(Salt.Text);

//Encrypt Password and Salt byte[] arrays using Protect() method (no optional entropy)
byte[] ProtectedPasswordByte = ProtectedData.Protect(PasswordByte, null);
byte[] ProtectedSaltByte = ProtectedData.Protect(SaltByte, null);

//Save byte[] arrays as two files in Isolated Storage

//Read byte[] arrays from files

//Decrypt Password and Salt byte[] arrays using Unprotect() method
//(reuse the variables declared above; redeclaring them in the same scope will not compile)
PasswordByte = ProtectedData.Unprotect(ProtectedPasswordByte, null);
SaltByte = ProtectedData.Unprotect(ProtectedSaltByte, null);

//Convert byte[] arrays to strings and display in the text boxes
Password.Text = Encoding.UTF8.GetString(PasswordByte, 0, PasswordByte.Length);
Salt.Text = Encoding.UTF8.GetString(SaltByte, 0, SaltByte.Length);

With this simple code above, you can now encrypt and decrypt your credentials so you can save them in Isolated Storage next to the portable, encrypted data created via the AesManaged class.  So what does this buy you?
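As an added example that is not part of the original post, here is the full round trip the commented placeholders above describe: the DPAPI-protected credentials are written to and read back from Isolated Storage, then fed to the AES key derivation. The file names, the PBKDF2 iteration count and the use of Rfc2898DeriveBytes for the key/IV step are assumptions of this example.

```csharp
// Added example (not the post's own code); file names, iteration count and Rfc2898DeriveBytes are assumptions.
using System.IO;
using System.IO.IsolatedStorage;
using System.Security.Cryptography;
using System.Text;

public static class CredentialStore
{
    const string PasswordFile = "password.dpapi", SaltFile = "salt.dpapi";
    // DPAPI-protect each value (null entropy, as in the post) into its own file.
    public static void Save(string password, string salt)
    {
        WriteProtected(PasswordFile, Encoding.UTF8.GetBytes(password));
        WriteProtected(SaltFile, Encoding.UTF8.GetBytes(salt));
    }
    public static bool TryLoad(out string password, out string salt)
    {
        password = salt = null;
        using (var store = IsolatedStorageFile.GetUserStoreForApplication())
            if (!store.FileExists(PasswordFile) || !store.FileExists(SaltFile))
                return false; // first run: nothing stored yet, so prompt once
        byte[] p = ReadUnprotected(PasswordFile), s = ReadUnprotected(SaltFile);
        password = Encoding.UTF8.GetString(p, 0, p.Length);
        salt = Encoding.UTF8.GetString(s, 0, s.Length);
        return true;
    }
    // PBKDF2 over the recovered credentials; the salt must be at least 8 bytes.
    public static AesManaged CreateAes(string password, string salt)
    {
        var kdf = new Rfc2898DeriveBytes(password, Encoding.UTF8.GetBytes(salt), 1000);
        return new AesManaged { Key = kdf.GetBytes(32), IV = kdf.GetBytes(16) };
    }
    static void WriteProtected(string file, byte[] plain)
    {
        byte[] blob = ProtectedData.Protect(plain, null);
        using (var store = IsolatedStorageFile.GetUserStoreForApplication())
        using (var stream = store.OpenFile(file, FileMode.Create))
            stream.Write(blob, 0, blob.Length);
    }
    static byte[] ReadUnprotected(string file)
    {
        using (var store = IsolatedStorageFile.GetUserStoreForApplication())
        using (var stream = store.OpenFile(file, FileMode.Open))
        {
            byte[] blob = new byte[stream.Length];
            stream.Read(blob, 0, blob.Length);
            return ProtectedData.Unprotect(blob, null); // throws if blob is corrupt
        }
    }
}
```

Because the DPAPI key is tied to this app on this phone, the protected files are not portable: they cannot be restored onto another device, and a corrupt file surfaces as an exception from Unprotect rather than as garbage credentials.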

It means your users can enter their credentials just once, no matter how many times they launch your secure application.  Hassle-free.

Stay safe out there,

Rob

Join the Windows Azure team at Seattle Interactive Conference (Nov 2-3, 2011) for two days of technical content and one-on-one advice and assistance from product experts.  The Cloud Experience track is for experienced developers who want to learn how to leverage the cloud for mobile, social and web app scenarios.  No matter what platform or technology you choose to develop for, these sessions will provide you with a deeper understanding of cloud architecture, back-end services and business models so you can scale for user demand and grow your business.

Learn more about the Cloud Experience Track at SIC, and view the speaker list.  Registration for the Seattle Interactive Conference is $350, and includes full access to conference sessions and activities.

SIC is developing a world-class speaker roster comprised of online technology’s most successful and respected personalities, alongside earlier-stage entrepreneurs who are establishing themselves as the leaders of tomorrow. SIC isn’t just about telling a story, it’s about truly sharing a story in ways that provide all attendees with a thought provoking experience and actionable lessons from the front lines.

Our confirmed speakers include:


Wade Wegner

Microsoft

Wade Wegner is a Technical Evangelist at Microsoft, responsible for influencing and driving Microsoft’s technical strategy for the Windows Azure Platform.


Rob Tiffany

Microsoft

Rob Tiffany is an Architect at Microsoft focused on combining wireless data technologies, device hardware, mobile software, and optimized server and cloud infrastructures together to form compelling solutions.


Steve Marx

Microsoft

Steve Marx is a Technical Product Manager for Windows Azure.


Nick Harris

Microsoft

Nick Harris is a Technical Evangelist at Microsoft specializing in Windows Azure.


Scott Densmore

Microsoft

Scott Densmore works as a Senior Software Engineer at Microsoft.


Nathan Totten

Microsoft

Nathan Totten is a Technical Evangelist at Microsoft specializing in Windows Azure and web development.


I hope to see everyone there!

-Rob

The profound effects of the Consumerization of IT (CoIT) are blurring the lines between consumers and the enterprise.  The fact that virtually every type of mobile device is now a candidate to make employees productive means that cross-platform, enabling technologies are a must.  Luckily, Microsoft has brought the power to synchronize data with either SQL Server on-premise or SQL Azure in the cloud to the world of mobility.  If you’ve ever synched the music on your iPhone with iTunes, the calendar on your Android device with Gmail, or the Outlook email on your Windows Phone with Exchange, then you understand the importance of sync.  In my experience architecting and building enterprise mobile apps for the world’s largest organizations over the last decade, data sync has always been a critical ingredient.

The new Sync Framework Toolkit found on MSDN builds on the existing Sync Framework 2.1's ability to create disconnected applications, making it easier to expose data for synchronization to apps running on any client platform.  Where Sync Framework 2.1 required clients to be based on Windows, this free toolkit allows other Microsoft platforms to be used for offline clients such as Silverlight, Windows Phone 7, Windows Mobile, Windows Embedded Handheld, and new Windows Slates.  Additionally, non-Microsoft platforms such as iPhones, iPads, Android phones and tablets, Blackberries and browsers supporting HTML5 are all first-class sync citizens.  The secret is that we no longer require the installation of the Sync Framework runtime on client devices.  When coupled with use of an open protocol like OData for data transport, no platform or programming language is prevented from synchronizing data with our on-premise and cloud databases.  When the data arrives on your device, you can serialize it as JSON, or insert it into SQL Server Compact or SQLite depending on your platform preferences.

The Sync Framework Toolkit provides all the features enabled by the Sync Framework 4.0 October 2010 CTP.  We are releasing the toolkit as source code samples on MSDN, with the source code utilizing Sync Framework 2.1.  Source code provides the flexibility to customize or extend the capabilities we have provided to suit your specific requirements.  The client-side source code in the package is released under the Apache 2.0 license and the server-side source code under the MS-LPL license.  The Sync Framework 2.1 is fully supported by Microsoft and the mobile-enabling source code is yours to use, build upon, and support for the apps you create.


Now some of you might be wondering why you would use a sync technology to move data rather than SOAP or REST web services.  The reason has to do with performance and bandwidth efficiency.  Using SOA, one would have to retrieve all the data to the device in order to see what has changed in SQL Server.  The same goes for uploading data.  Using the Sync Framework Toolkit, only the changes, or deltas, are transmitted over the air.  This boosts performance and reduces bandwidth usage, which saves time and money in a world of congested mobile data networks with capped mobile data plans.  You also get a feature called batching, which breaks up the data sent over wireless networks into manageable pieces.  This not only prevents you from blowing out your limited bandwidth, but it also keeps you from using too much RAM both on the server and on your memory-constrained mobile device.  When combined with conflict resolution and advanced filtering, I’m sold!

I think you’ll find the Sync Framework Toolkit to be an immensely valuable component of your MEAP solutions for the enterprise as well as the ones you build for consumers.

Keep Synching,

Rob


In this week’s scenario, I’ll illustrate how Windows Phone utilizes many of Gartner’s Mobile Enterprise Application Platform Critical Capabilities to connect to Microsoft’s Cloud services in Azure.

In this week’s scenario, I’ll illustrate how Windows Phone utilizes many of Gartner’s Critical Capabilities to connect to Microsoft’s On-Premise infrastructure.
