URI scheme verification

Question

Hi, 

I am developing applications which will call each other using the URI scheme mechanism. 

I would like to find out which application called my application. 

Is there any way to implement it in a Metro environment? 

Thanks in advance!

---

ynahmany

Answer 1

You can pass arguments in URI (protocol activation) which can represent source application. This is similar to mailto protocol activation.

Refer following links for help

• Association launching sample
• How to handle protocol activation (C#/VB/C++)
• How to launch the default app for a protocol (C#/VB/C++)

In case you still have problem, please post a working code that shows how far you have done it and what exactly your issue is.

---

-- Vishal Kaushik --

Please 'Mark as Answer' if my post answers your question and 'Vote as Helpful' if it helps you. Happy Coding!!!

My Samples

My Codeplex Project

Answer 2

Hi, 

First, thanks for the quick response. 

Second, I want to protect my application from attackers, assuming the attacker knows the URI scheme I am using he could then pass the same URI to my application. If I will add another parameter the attack vector will not be changed. 

I am looking for a way to verify the application signature or developer- that way I could cross-reference it. 

Any idea? 

---

ynahmany

Answer 3

It is not possible to tell who launched the URI.

You have to treat the URI launch as untrusted data.

--Rob

 

Answer 4

You could add a checksum in the URI that changes over time - so the caller would have to know how to generate the checksum (like a HMAC256, for example) in order to be validated.  For example, instead of:

App://command

Send:

App://command/0234412a232134b1123c

The checksum could be the current time/date of the phone, or some server state like a checksum of a webpage, rss feed, etc.  It could be a simple checksum of the Uri itself.

However, anyone that disassembles your apps code automatically knows how to use this, so look into obfuscation.

---

Darin R.