Hands-On Lab

Creating Private Windows Phone 7 Applications That Use Service Based Security

Lab version: 1.0.0

Last updated: 1/21/2019

Contents

Overview

First-Time Configuration of the Windows Azure Simulation Environment

Using dsinit to Configure Development Storage

Exercise 1: Creating a SharePoint List Data Source

Task 1 – Deploying the List Template to a SharePoint Site

Task 2 – Creating the Maintenance Requests List

Exercise 2: Creating a WCF Service in Windows Azure

Task 1 – Beginning the Exercise

Task 2 – Implementing and Configuring the WCF Service

Exercise 3: Creating the Windows Phone 7 Application

Task 1 – Beginning the Exercise

Task 2 – Configuring Constants in the Windows Phone 7 Application

Task 3 – Configuring the Reference to the SharePoint Lists.asmx Web Service

Task 4 – Adding a Reference to the Windows Azure WCF Service

Task 5 – Modifying the ServiceReferences.ClientConfig File to Support the Cookie Container Used with Forms Based Authentication

Task 6 – Implementing Code to Lock and Unlock the Application

Task 7 – Testing the Application in the Local Azure AppFabric Simulation Environment

Exercise 4: Deploying and Testing in the Cloud

Task 1 – Packaging the WCF Service for Publishing to Windows Azure

Task 2 – Uploading the Deployment Package and Configuring the RegistrationService in Windows Azure

Task 3 – Configuring the Windows Phone 7 Application to Access the Service Deployed to Windows Azure

Task 4 – Testing the Application with the RegistrationService Windows Azure WCF Service Deployed to the Cloud

Summary

Overview

The Windows Phone 7 marketplace does not have a concept of a private marketplace. Applications published to the marketplace are visible to everyone. When deploying an application for all the users in a large organization, using the marketplace is the most efficient way to go about it. Developers must take steps to ensure applications deployed to the public marketplace are only used by authorized employees and not the public. In this scenario, to ensure maximum security no usernames, passwords, or salts are stored on the Windows Phone device. These values must be entered each time the application is restarted.

Objectives

In this hands-on lab, you will learn how to create a Windows Phone 7 application that uses a Windows Azure WCF Service to unlock the application. You will also learn how to provide users the functionality they need to call the Windows Azure WCF Service and conditionally unlock the application based on the results returned from the service.

  • Learn how to create a Windows Azure WCF Service that validates the information necessary to unlock an application.
  • Learn how to provide users the functionality they need to call the Windows Azure WCF Service and conditionally unlock the application.

Prerequisites

The following is required to complete this hands-on lab:

Note: See Setting Up A SharePoint and Windows Phone 7 Development Environment Module for instructions that describe how to set up the SharePoint and Windows Phone 7 developer machine.

  • Windows 7 x64 installed with all Windows Updates installed, in one of the following scenarios.

    ◦ Installed on a physical machine
    ◦ Installed on a bootable VHD

  • SharePoint 2010 installed on the Windows 7 x64 developer machine configured with a site collection that uses Forms Based Authentication (FBA).
  • Windows Phone 7 Developer Tools

  • Windows Phone 7 Developer Tools - January 2011 Update

  • Windows Phone Developer Tools Fix

Note: The following prerequisites are not included in the Setting Up A SharePoint and Windows Phone 7 Development Environment Module installation instructions. If you are using a development machine built according to the Setting Up A SharePoint and Windows Phone 7 Development Environment Module instructions you must install these components.

  • Windows Azure SDK and Windows Azure Tools for Microsoft Visual Studio (March 2011)

Download and install the files indicated in the screenshot below.

Figure 1

Download Setup files

  • KB981002- WCF: Hotfix rollup in .NET 3.5 SP1 for Win 7 and Win 2k8 R2
  • Access to a Windows Azure account.

◦Go to to create an account.

First-Time Configuration of the Windows Azure Simulation Environment

Note: The Windows Azure SDK (included in Windows Azure Tools for Visual Studio) installs a simulation environment on your development machine for testing Azure applications locally before deploying them to the cloud. The simulation environment consists of the development fabric to host web and worker roles, and the development storage which simulates cloud blob, table and queue storage locally.

Development storage uses SQL Server as its underlying storage mechanism, and by default the SDK will attempt to configure it to use SQL Server Express. If you do not have SQL Server Express installed before installing the SDK, or you wish to simply use an existing SQL Server instance to host the development storage database, you must run the dsinit command to select the SQL Server instance where the database will be created.

Please see instructions below for how to run dsinit.

Using dsinit to Configure Development Storage

  1. Open a command prompt.
  2. Edit the following command line as appropriate for your environment, where [AzureSDKInstallDrive] is the drive where you installed the Azure SDK (or Windows Azure Tools for Visual Studio), and [YourSqlInstance] is the SQL Server instance where you want to create the development storage database.

[AzureSDKInstallDrive]\Program Files\Windows Azure SDK\v1.4\bin\devstore\dsinit.exe /sqlinstance:[YourSqlInstance]

Example Command Line:
"C:\Program Files\Windows Azure SDK\v1.4\bin\devstore\dsinit.exe" /sqlinstance:.

  3. Note that the sample command line above uses the value "." for the sqlinstance argument, which specifies that the local default SQL instance will be used for development storage.

Exercise 1: Creating a SharePoint List Data Source

Note: This is the same list used in the Integrating SharePoint 2010 and Windows Azure module. If you have already installed it, you may skip this exercise.

In this exercise, you will deploy a list template to SharePoint and make a list based upon the template. The list template defines a list used to hold maintenance requests. In this scenario, after the Windows Phone 7 application is unlocked, it will read the maintenance requests from the SharePoint list. The Windows Phone 7 application will present this information to help maintenance personnel complete maintenance requests.

Task 1 – Deploying the List Template to a SharePoint Site

In this task, you will deploy the maintenance requests list template to a SharePoint site. The list template contains sample data used in the lab.

  1. Open Internet Explorer and navigate to the SharePoint Team Site configured for Forms Based Authentication.

example:

  2. Log into the site using site collection administrator credentials.
  3. Click Site Actions, and select Site Settings.
  4. In the Galleries section, click List templates.
  5. In the Ribbon, click the Documents tab.
  6. Click Upload Document.
  7. Click Browse…
  8. Browse to the Maintenance Requests.stp file located at %TrainingKitPath%\Labs\CreatingPrivateApplicationsUsingServices\Source\Before and select it.
  9. Click Open.
  10. Click OK.
  11. Click Save.
  12. Verify the Maintenance Requests list template appears in the List Templates Gallery.

Figure 2

The Maintenance Requests list template

Task 2 – Creating the Maintenance Requests List

In this task, you will use the maintenance requests list template to create the maintenance requests list.

  1. Open Internet Explorer and navigate to the SharePoint Team Site configured for Forms Based Authentication.

example:

  2. Log into the site using site collection administrator credentials.
  3. Click Site Actions and select More Options.
  4. In the Filter By section, select List.
  5. Select the Maintenance Requests list.

Figure 3

Create list dialog

  6. In the Name textbox enter Maintenance Requests. Click Create.
  7. Verify the Maintenance Requests list contains the following sample data.

Figure 4

Maintenance Request list with data

Exercise 2: Creating a WCF Service in Windows Azure

In this exercise, you will create a Windows Azure WCF Service. In this scenario, the Windows Phone 7 application calls the Windows Azure WCF Service and passes in the application ID, application password, and registration key values entered by a user. The Windows Azure WCF Service uses these values to determine if they are valid to unlock the application and returns a message indicating success or failure. The Windows Phone 7 application uses the value returned from the Windows Azure WCF Service to conditionally unlock the application and enable its full functionality. When using this approach, use HTTPS to encrypt the communication channel between the Windows Phone 7 device and the Windows Azure WCF Service.

Task 1 – Beginning the Exercise

In this task, you will open the lab solution in Visual Studio 2010.

  1. Make sure that you have downloaded and installed the items listed in System Requirements above prior to beginning this exercise.
  2. Launch Visual Studio 2010 as administrator and open the lab project by selecting File » Open » Project.
  3. Browse to the WP7.Private.Service.sln file located at %TrainingKitPath%\Labs\CreatingPrivateApplicationsUsingServices\Source\Before\WP7.Private.Service and select it.
  4. Click Open to open the solution.

Task 2 – Implementing and Configuring the WCF Service

In this task, you will implement a service operation in the RegistrationService WCF service to return the registration status for a Windows Phone 7 application.

  1. In the RegisterWebRole project, open the file IRegistrationService.cs.
  2. Add the following code under the //TODO: 9.2.1 comment to define the OperationContract for the Register method:

C#

[OperationContract]
string Register(string applicationID,
    string applicationPassword,
    string applicationRegistrationKey);

The above code defines the OperationContract for the Register method and makes it available to call from another application.

  3. In the RegisterWebRole project, open the file RegistrationService.svc.cs.
  4. Add the following code under the //TODO: 9.2.2 comment to define the Register method:

C#

public string Register(string applicationID,
    string applicationPassword, string applicationRegistrationKey)
{
    AesManaged aesManaged = null;
    MemoryStream memoryStream = null;
    CryptoStream cryptoStream = null;

    try
    {
        // Derive the IV and key from the password, using the
        // registration key as the salt.
        Rfc2898DeriveBytes rfc2898DeriveBytes =
            new Rfc2898DeriveBytes(applicationPassword,
                Encoding.UTF8.GetBytes(applicationRegistrationKey), 99999);

        aesManaged = new AesManaged();
        aesManaged.IV = rfc2898DeriveBytes.GetBytes(16);
        aesManaged.Key = rfc2898DeriveBytes.GetBytes(32);

        // Encrypt the application ID with the derived key and IV.
        memoryStream = new MemoryStream();
        cryptoStream = new CryptoStream(memoryStream,
            aesManaged.CreateEncryptor(),
            CryptoStreamMode.Write);

        byte[] bytes = Encoding.UTF8.GetBytes(applicationID);
        cryptoStream.Write(bytes, 0, bytes.Length);
        cryptoStream.FlushFinalBlock();

        // The submitted values are valid only if they reproduce the stored value.
        if (ENCRYPTED_APP_KEY == Convert.ToBase64String(memoryStream.ToArray()))
        {
            return "Success";
        }
        else
        {
            return "Failure";
        }
    }
    finally
    {
        if (aesManaged != null)
        {
            aesManaged.Clear();
        }

        // Close the CryptoStream before the MemoryStream it writes to.
        if (cryptoStream != null)
        {
            cryptoStream.Close();
        }

        if (memoryStream != null)
        {
            memoryStream.Close();
        }
    }
}

The Register method uses the cryptographic APIs to create an encrypted string. The cryptographic APIs use the applicationID, applicationPassword, and applicationRegistrationKey arguments to create the encrypted string. In this scenario, the Advanced Encryption Standard (AES) algorithm encrypts the string. AES is a symmetric-key algorithm.

The following table describes how the cryptographic APIs use the arguments in the Register method to create the encrypted string.

Register method parameter / Cryptographic API
applicationID / string to encrypt
applicationPassword / Password
applicationRegistrationKey / Salt
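
The following console program is an added example, not part of the lab solution. It shows how a value for ENCRYPTED_APP_KEY can be produced with the same derivation the Register method uses, and how a submission can be checked in fixed time, with malformed input treated as a failed check. The class name, method names and sample credentials are constructed for illustration, and Aes.Create() with CBC and PKCS7 set explicitly stands in for AesManaged, whose defaults are the same.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example; names and sample values are constructed, not from the lab solution.
static class RegistrationKeyTool
{
    const int Iterations = 99999; // same iteration count as the lab's Register method

    // Same transform as Register: PBKDF2(password, salt) yields the IV (16 bytes)
    // and then the key (32 bytes); AES-CBC/PKCS7 encrypts the UTF-8 application ID.
    public static byte[] Derive(string appId, string password, string registrationKey)
    {
        byte[] salt = Encoding.UTF8.GetBytes(registrationKey);
        // Rfc2898DeriveBytes on .NET Framework rejects salts shorter than 8 bytes.
        if (salt.Length < 8)
            throw new ArgumentException("Registration key must be at least 8 bytes.");

        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations))
        using (var aes = Aes.Create())
        {
            aes.Mode = CipherMode.CBC;
            aes.Padding = PaddingMode.PKCS7;
            aes.IV = kdf.GetBytes(16);  // order matters: IV first, then key
            aes.Key = kdf.GetBytes(32);
            byte[] plain = Encoding.UTF8.GetBytes(appId);
            using (ICryptoTransform encryptor = aes.CreateEncryptor())
                return encryptor.TransformFinalBlock(plain, 0, plain.Length);
        }
    }

    // Returns true only when the submitted values reproduce the stored ciphertext.
    // Malformed input is treated as a failed check instead of surfacing as a fault.
    public static bool Verify(string storedBase64, string appId,
        string password, string registrationKey)
    {
        byte[] expected = Convert.FromBase64String(storedBase64);
        byte[] actual;
        try { actual = Derive(appId, password, registrationKey); }
        catch (ArgumentException) { return false; }

        // Fixed-time comparison: always walks the full overlap, no early exit.
        int diff = expected.Length ^ actual.Length;
        for (int i = 0; i < expected.Length && i < actual.Length; i++)
            diff |= expected[i] ^ actual[i];
        return diff == 0;
    }

    static void Main()
    {
        // Constructed sample credentials.
        const string id = "sample-app-id", pw = "sample-password", key = "sample-registration-key";
        string stored = Convert.ToBase64String(Derive(id, pw, key));
        Console.WriteLine("ENCRYPTED_APP_KEY = " + stored);
        Console.WriteLine("correct values:  " + Verify(stored, id, pw, key));
        Console.WriteLine("wrong password:  " + Verify(stored, id, "wrong-password", key));
        Console.WriteLine("short reg. key:  " + Verify(stored, id, pw, "short"));
    }
}
```
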
  5. In the Solution Explorer, right click the RegistrationService.svc file and select Set As Start Page.
  6. Press the F5 key to run the Azure Web Role in the local Azure AppFabric simulation environment. This causes the Azure Web Role to run on your local machine.
  7. Verify the RegistrationService.svc service is available when it opens in Internet Explorer. You should be viewing the RegistrationService Service page.
  8. Do not stop the WP7.Private.Service project. You will use the running instance of the service in upcoming steps.

Figure 5

Registration Service page

Exercise 3: Creating the Windows Phone 7 Application

In this exercise, you will create a Windows Phone 7 application to query the maintenance tasks SharePoint list. You will also implement the code necessary to lock the application and the code to call the Windows Azure WCF Service to unlock the application.

Task 1 – Beginning the Exercise

In this task, you will open the lab solution in Visual Studio 2010.

  1. Make sure that you have downloaded and installed the items listed in System Requirements above prior to beginning this exercise.
  2. Launch Visual Studio 2010 as administrator and open the lab project by selecting File » Open » Project.
  3. Browse to the WP7.Private.Service.PartsClient.sln file located at %TrainingKitPath%\Labs\CreatingPrivateApplicationsUsingServices\Source\Before\WP7.Private.Service.PartsClient and select it.
  4. Click Open to open the solution.

Task 2 – Configuring Constants in the Windows Phone 7 Application

In this task, you will configure the constants used in the Windows Phone 7 application to work with your development environment.

  1. In the WP7.Private.PartsClient project, in the Utilities folder, open the Constants.cs file.
  2. Change the value for the USER_NAME and USER_PASSWORD constants to represent a Forms Based Authentication user specific to your development environment. For this lab, the user requires reader permissions.
  3. Change the value for the AUTHENTICATION_SERVICE_URL constant to the URL specific to your development environment.

The following code example demonstrates the value for a SharePoint server named fbawp7.

C#

public const string AUTHENTICATION_SERVICE_URL ="

Task 3 – Configuring the Reference to the SharePoint Lists.asmx Web Service

In this task, you will configure the reference to the SharePoint lists.asmx Web service.

  1. In the Solution Explorer, double click the ServiceReferences.ClientConfig file to open it.
  2. In the Endpoint element, change the address attribute to the URL for the lists.asmx SharePoint web service in the site where you created the Maintenance Tasks list.

Example:

Figure 6

Configure the Lists service endpoint address

Task 4 – Adding a Reference to the Windows Azure WCF Service

In this task, you will add a reference to the RegistrationService Windows Azure WCF Service created in Exercise 2.

  1. In the Solution Explorer, in the WP7.Private.Service.PartsClient project, right click Service References and select Add Service Reference.
  2. In the Address textbox enter the URL to the local running instance of the RegistrationService Windows Azure Service. This is the same URL you will see in the web browser in Exercise 2, step 8.

Example:

  3. Click Go.
  4. Once the service is resolved, enter RegistrationService in the Namespace textbox.
  5. Click OK.

Task 5 – Modifying the ServiceReferences.ClientConfig File to Support the Cookie Container Used with Forms Based Authentication

In this task, you will modify the web.config file to support the CookieContainer used with Forms Based Authentication. The code used to authenticate to the SharePoint server in this lab uses Forms Based Authentication. Forms Based Authentication requires the use of a CookieContainer. Please see the Security With SharePoint And Windows Phone 7 Applications Module for more information about Forms Based Authentication.

  1. In the WP7.Private.Service.PartsClient project, open the ServiceReferences.ClientConfig file.
  2. Locate the ListsSoap binding element.
  3. Add the following attribute to the ListsSoap binding element.

XML

enableHttpCookieContainer="true"

The following screenshot shows what the ListsSoap binding element looks like after the above code is added.

Figure 7

Adding cookie support to the configuration

  4. Save ServiceReferences.ClientConfig.

Task 6 – Implementing Code to Lock and Unlock the Application

In this task, you will use the cryptographic APIs to lock and unlock the Windows Phone application. The cryptographic APIs provide a secure mechanism to ensure the data used to unlock the phone application is valid.

  1. In the WP7.Private.Service.PartsClient project, expand the Register.xaml file, and double click the Register.xaml.cs file.
  2. Add the following code under the //TODO: 9.2.3 comment to define the buttonRegister_Click event handler:

C#

private void buttonRegister_Click(object sender, RoutedEventArgs e)
{
    RegistrationService.RegistrationServiceClient registrationServiceClient =
        new RegistrationService.RegistrationServiceClient();

    registrationServiceClient.RegisterCompleted +=
        new EventHandler<RegistrationService.RegisterCompletedEventArgs>
            (registrationServiceClient_RegisterCompleted);

    registrationServiceClient.RegisterAsync(txtApplicationID.Text,
        txtApplicationPassword.Text,
        txtApplicationRegistrationKey.Text);
}

The buttonRegister_Click event handler is called when a user clicks the Register button in the Windows Phone 7 application. The above code uses the proxy class Visual Studio 2010 generated for the RegistrationService Windows Azure WCF Service to attempt to unlock the application. First, an instance of the proxy class is created, then the RegisterCompleted event handler is defined; it fires when the RegisterAsync method completes. The applicationID, applicationPassword, and applicationRegistrationKey values the user entered in the textboxes are passed as arguments to the RegisterAsync method.

  3. Add the following code under the //TODO: 9.2.4 comment to define the registrationServiceClient_RegisterCompleted event handler:

C#

void registrationServiceClient_RegisterCompleted(object sender,
    RegistrationService.RegisterCompletedEventArgs e)
{
    // Reading e.Result throws when the call itself failed, so check e.Error
    // first and keep the application locked in that case.
    if (e.Error == null && e.Result == "Success")
    {
        NavigationService.Navigate(new Uri("/MainPage.xaml", UriKind.Relative));
    }
    else
    {
        MessageBox.Show("The application could not be registered. Please verify " +
            "the Application ID, Application Password, and Registration Key " +
            "are correct and try again.",
            "Registration Error", MessageBoxButton.OK);
    }
}

The above code fires when the RegisterAsync method completes. The value returned from the call to the RegistrationService is checked. If the value is Success, the user entered the correct information to unlock the application and the application opens the MainPage user control. If the value is not Success, the user entered incorrect information to unlock the application and the application prompts the user to validate their input and try again.

  4. Save Register.xaml.cs.

Task 7 – Testing the Application in the Local Azure AppFabric Simulation Environment

In this task, you will test the Windows Phone 7 application with the RegistrationService running in the local Azure AppFabric simulation environment.

  1. In the WP7.Private.Service.PartsClient solution, select Windows Phone 7 Emulator in the deployment location dropdown list.
  2. Press F5.
  3. The Windows Phone 7 application starts in the emulator and prompts for the information necessary to unlock the application. The correct values are pre-filled. In a real world scenario, the user would be required to enter the values necessary to unlock the phone application.