It’s Time to Dump your 1990s App Authentication

Book Cover

Migrate Win32 applications secured by client/server #database logins to #mobile apps that use OAuth & enterprise #cloud directories for authentication instead.

Do you know Scott Tiger? Are you familiar with SA and no password? If so, you probably worked with client/server database security mechanisms from companies like Oracle, Microsoft, IBM and others. Anyone who’s built client/server, multi-tier database systems over the years has worked with Oracle Net Listener, TNSNames, Sybase DBLIB, ISAM and VSAM drivers plus a revolving door of Microsoft drivers. App logins were typically the same as the database login. DBAs were in control and app developers worked with what they were given. Sometimes data access was secured through the use of views or stored procedures. Things improved when databases started supporting integrated authentication where data access could be controlled by users and groups found in the company Active Directory.

Today’s mobile apps don’t connect to client/server databases this way. Win32 apps connecting via the LAN or VPN can kick the can down the road a bit longer. Everything else talks to databases with web APIs or sync. While these mobile-friendly APIs use database authentication to connect, the services they expose must be secured by an enterprise directory. This pattern provides identity management to mobile apps. Furthermore, cloud-based enterprise directories must be kept in sync with existing on-premises directories to keep the login procedures seamless for employees. Add multi-factor authentication to boost security and avoid consumer auth providers like Facebook or Twitter.

Reduce risk to your organization by decoupling app security from database authentication and make the move to company-wide directory services. Has your employer switched all its enterprise apps to modern authentication methods yet?

Learn how to digitally transform your company in my newest book, “Mobile Strategies for Business: 50 Actionable Insights to Digitally Transform your Business.”

Book Cover

Click here to purchase a copy of my book today and start transforming your business!

Get Connected to Windows 10 IoT Core on Your Raspberry Pi

USB Ports

Connect to Windows 10 #IoT Core on Your Raspberry Pi with Secure Shell, the Web and Visual Studio.

In my last article, I showed you how to get Windows 10 IoT Core installed on your Raspberry Pi 2. In order to remotely configure, monitor and push Universal Windows Platform apps to your Pi, your Windows 10 PC must be able to connect. A critical element in making all this work is to ensure your PC is on the same network and subnet as the Raspberry Pi 2. Lets get to work.

A quick glance at your Raspberry Pi’s home screen will show you its name and IP address.

Windows Home

From the command prompt of your Windows 10 PC, run ipconfig to verify that it is on the same network and subnet. Sending a ping to your Raspberry Pi to ensure you can reach it is a good idea as well. If your connectivity is good, then it’s time to remotely connect via Secure Shell (SSH) so you can run commands on your Raspberry Pi.

In order to connect with Secure Shell, you’ll need need a remote shell client for Windows. PuTTY is a commonly used, open source terminal emulator that can be downloaded here. Once it’s downloaded, launch the app, type in the IP address of your Raspberry Pi, select the SSH radio button and click the Open button.

PuTTy

The first time you connect, you may experience a slight delay and a Security Alert dialog below might popup. Just click the Yes button to proceed.

Security Alert

Once you connect, type the default value of Administrator at the login as: screen and hit enter. Next, type the default password of p@ssw0rd and hit enter.

SSH Login

Welcome back to DOS! No Edlin jokes…

SSH

Let’s try a few commands. If you don’t like the default device name of minwinpc, you can change it by typing setcomputername <new name>. I changed mine to houseofpi in honor of the Houston restaurant where Rod Canion and the other founders of Compaq hatched their plan for a new computer company on a paper placemat. Type hostname to make sure you got it right.

One thing I absolutely want you to change is the Administrator password since your new IoT device is currently in a vulnerable state.  Type net user Administrator <new password>to make this happen. Please take IoT security seriously so you don’t contribute to creating the largest attack surface in the history of computing. A good list of Windows 10 IoT Core command line utilities can be found here.

Now lets move on to see how you can connect to your Raspberry Pi via the web.

Looking back to the installation of Windows 10 IoT Core for Raspberry Pi 2 from the previous article, it installed an app called Windows IoT Core Watcher which can be found from the Windows Start menu at All apps | Microsoft IoT. When you launch this app, it should display your Raspberry Pi in a list as shown below:

Windows IoT Core Watcher

Right-click on your device and select Web Browser Here from the context menu. Since you just changed your password, the browser will prompt you for it before displaying the page. As you can see below, the Home page just shows you some minimal information about your Raspberry Pi.

WebHome

The App page shows you a dropdown list of installed apps that you can run, uninstall or set as the default app at the top. Remember, only one app can run in the foreground at a time on Windows IoT Core. The Install app section is interesting in that it lets you remotely install your app (.appx), associated certificate (.cer) and any other dependencies your app may have.

AppX

The Process page works similarly to the Task Manager on your PC and displays a list of running processes along with associated CPU and memory usage. Clicking the X next to any of the processes will kill it.

Processes

Also like the Task Manager on your PC, the Performance page displays real-time CPU and file I/O utilization and memory usage.

Performance

There are a lot of other pages to explore that deliver helpful information and diagnostics to help you be successful with Windows 10 IoT Core on the Raspberry Pi 2. Definitely check them out.

As you might imagine, the whole point of having Windows 10 IoT Core is to run apps. This is where Visual Studio 2015 and the Universal Windows Platform comes in.

RTM versions of Visual Studio 2015 Community, Professional or Enterprise are required to get started. Make sure Universal Windows App Development Tools -> Tools and Windows SDK are installed during the setup procedure. After installation, download the Windows IoT Core Project Templates from the Visual Studio Gallery to make your File | New Project experience more productive. Last but not least, make sure developer mode is enabled by following these instructions.

If the Raspberry Pi devices you’re targeting are deployed with a connected monitor that a person can interact with, create a Windows Universal Blank App project in Visual Studio to deliver a user interface. On the other hand, if you’re targeting headless Raspberry Pi devices, create a Windows IoT Core Background Application in Visual Studio.

Once your headless or GUI IoT app project is loaded, you’ll have to make some adjustments to Visual Studio in order to deploy and debug against your Raspberry Pi. You’ll need to select ARM to support the Broadcom CPU and Remote Machine to debug over Ethernet.

ARM x86 Remote

It’s possible that a Remote Connections dialog will popup when you select Remote Machine for the first time. If Visual Studio cannot find your Raspberry Pi automatically, type in its IP address in the Address text box. Select none instead of Windows for Authentication Mode and click the Select button.

Remote Connections

Next, I want you to go to the Solution Explorer and double-click on the Properties icon of your IoT project. Click Debug on the left side of the screen and ensure that Target device is set to Remote Machine and the IP address of your Raspberry Pi is displayed in the Remote machine text box. Click the Find button to verify that Visual Studio can connect. If your Pi cannot be found, it’s possible that Visual Studio’s remote debugger on the Pi has shut down after a long time of inactivity. Try restarting your Raspberry Pi and give it another shot.

Debug

If all goes well, the Remote Connections dialog should popup and the name of your Pi should be displayed beneath the Auto Detected section. Click the Select button.

Remote Connections Success

After the dialog closes, make sure that the Use authentication check box is unchecked and then click the Save icon. At this point, you should be able to hit F5 and remotely debug against your Raspberry Pi.

As you can see, there’s no shortage of ways to connect, configure, control and debug against your Raspberry Pi running Windows 10 IoT Core. Now start building those IoT apps using the development tools and programming languages you’re comfortable with.