none
App will no longer certify - Apps cannot transmit passwords as plain text.

    Question

  • After having a Windows 8.1 app published in the store for nearly a year, and then completing the new Age requirement update, my app will no longer.

    My app communicates with a WCF service on our server to handle business logic and database updates. Each user is required to submit a username and password to gain access to their data. I get the following notes from the App Certification. "The app poses a risk to users or to the security or functionality of the device or the Store. Apps cannot transmit passwords as plain text." The WCF Data Service connects to the app via https. and the WCF service uses the .Net 4.5.2 framework.

    I have unsuccessfully searched the internet to find a solution that works in both the application and the WCF service. Can anyone please provide a solution?

    Tuesday, September 13, 2016 5:42 PM

All replies

  • Did you find a solution? I am facing the same issue and I'm already using https to connect to server. The domain it connects to on server has a valid SSL certificate.


    Wednesday, September 21, 2016 2:55 PM
  • I have not found a solution
    Wednesday, September 21, 2016 5:13 PM
  • Are you connecting to the service via https or http?  Https will encrypt the data for you
    Saturday, September 24, 2016 11:09 PM
  • You could try encrypting the username and password.

    There are many ways to do that.

    So long as the other end can decrypt it.


    n.Wright

    Sunday, September 25, 2016 3:31 PM
  • It does use HTTPS
    Monday, September 26, 2016 9:41 PM
  • I am facing the same issue. Can you guide me on this ?
    Thursday, November 17, 2016 5:44 AM
  • https://msdn.microsoft.com/en-us/library/system.security.cryptography(v=vs.110).aspx

    https://msdn.microsoft.com/en-us/library/as0w18af(v=vs.110).aspx

    https://social.msdn.microsoft.com/Forums/en-US/f504aac6-3d99-4b75-ae15-78736dcd8816/wcf-message-security-and-encryption?forum=wcf

    For myself, I have been using RC4 over HTTPSecureSocket successfully. It is a symmetric encryption algorithm, very simple to implement and use. The same password encrypts and decrypts. Several source examples below :

    https://raykoid666.wordpress.com/2010/01/26/rc4-encryption-code-snippet-in-vb-net-vb5vb6-c-c/


    • Edited by Mitchb00 Sunday, November 27, 2016 7:51 PM
    Sunday, November 27, 2016 7:45 PM