User signs in to WindowsUser is signed in to your app 12.

User signs in to WindowsUser is signed in to your app 12

Secure storage Credential isolation Roaming

My Photo App App Foo

My Photo App Desktop PC Sky Drive (Microsoft Account) My Photo App Tablet PC

Typical OAuth flow Online service 1. Authorization Request (Start URL) 2. Login page 3. Credentials 4. Authorization page 5. User decision 6. Authorization token (Redirect URL) 7. Data access User Application

No browser control No credential isolation

Web auth broker Web authentication broker Online service 1. Authorization request (Start URL) 2. Login page 3. Credentials 4. Authorization page 5. User decision 6. Authorization token (Redirect URL) WinRT Dialog User Windows Store app 7. Data access

Easy to use Credential isolation Supports secure SSO

Architecture 1 2 3 a 3 b 4 5 6 Apps App Container Medium Integrity Level Different App Container

SSO mode allows users to authenticate to services without having to re-enter credentials every time WAB supports SSO Apps need to opt-in

Kernel Mode User Mode (App Container) User Mode (Medium) https://contoso.com SID: S-1-5-4321 Contoso verifies the redirect URL for its apps (e.g. MyPhotoApp registered ms-app://S-1-5-4321) MyPhotoApp https://contoso.com?ContosoAppID=MyPhotoApp, redirectURI=ms-app://S-1-5-4321, https://contoso.com?ContosoAppID=MyPhotoApp, redirectURI=ms-app://S-1-5-4321,

Header color Title text Icon Stylized web page to do the following:

Inconsistent account UX Extra work for you

Intuitive & consistent account UX Saves you time

Sign in once. And thats it. Microsoft Account & Services - Live SDK Online service providers - WebAuthBroker Optimize your online service for best results Cred Management - Credential Locker Accounts UX Accounts Control Key takeaways Sign up or give up?

User signs in to WindowsUser is signed in to your app 12.

Documents

Transcript of User signs in to WindowsUser is signed in to your app 12.