locked
[UWP]App to App Service Security RRS feed

  • Question

  • I am developing a UWP app, I am using App to App service.

    How can I confirm the caller's identity ? 

    Also can the App to App service communication be intercepted ? 

    Should the data be encrypted ?


    Friday, June 10, 2016 5:44 PM

Answers

  • Hi Hande123,

    Welcome to the Developing Universal Windows apps forum!

    Please read the sticky posts, especially the Guide to posting: subject line tags and Known Issues for Windows 10 SDK and Tools 

    I have added tag for you this time, and you would need to add tag by yourself next time.

    Windows apps that access authenticated services often provide the users the option of storing their credentials on the local device. This is a convenience for the users; when they provide their username and password, the app automatically uses them in subsequent launches of the app. Because this can be a security issue if an attacker gains access to this stored data, Windows 10 provides the ability for Windows apps to store user credentials in a secure credential locker. The app calls the Credential Locker API to store and retrieve the credentials from the locker instead of storing them in the app’s storage container. The credential locker is managed by the operating system, but access is limited to the app that stores them, providing a securely managed solution for credential storage.

    >>” can the App to App service communication be intercepted?”

    Currently, I think it’s safe.

    >>” Should the data be encrypted ?”

    It depends on you. “Windows app developers can use the SymmetricKeyAlgorithmProvider and AsymmetricKeyAlgorithmProvider classes to implement symmetric and asymmetric encryption in their UWP apps. Additionally, the CryptographicEngine class can be used to encrypt and decrypt data, sign content and verify digital signatures. Apps can also use the DataProtectionProvider class in the Windows.Security.Cryptography.DataProtection namespace to encrypt and decrypt stored local data.

    More information about "secure Windows app development", pelase refer to this document for details.

    Best Regards,

    Xavier Eoro


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    Monday, June 13, 2016 8:31 AM

All replies

  • Hi Hande123,

    Read this latest documentation it will be helpfull  Use EDP to protect enterprise data transferred between apps

    Sunday, June 12, 2016 4:54 PM
  • Hi Hande123,

    Welcome to the Developing Universal Windows apps forum!

    Please read the sticky posts, especially the Guide to posting: subject line tags and Known Issues for Windows 10 SDK and Tools 

    I have added tag for you this time, and you would need to add tag by yourself next time.

    Windows apps that access authenticated services often provide the users the option of storing their credentials on the local device. This is a convenience for the users; when they provide their username and password, the app automatically uses them in subsequent launches of the app. Because this can be a security issue if an attacker gains access to this stored data, Windows 10 provides the ability for Windows apps to store user credentials in a secure credential locker. The app calls the Credential Locker API to store and retrieve the credentials from the locker instead of storing them in the app’s storage container. The credential locker is managed by the operating system, but access is limited to the app that stores them, providing a securely managed solution for credential storage.

    >>” can the App to App service communication be intercepted?”

    Currently, I think it’s safe.

    >>” Should the data be encrypted ?”

    It depends on you. “Windows app developers can use the SymmetricKeyAlgorithmProvider and AsymmetricKeyAlgorithmProvider classes to implement symmetric and asymmetric encryption in their UWP apps. Additionally, the CryptographicEngine class can be used to encrypt and decrypt data, sign content and verify digital signatures. Apps can also use the DataProtectionProvider class in the Windows.Security.Cryptography.DataProtection namespace to encrypt and decrypt stored local data.

    More information about "secure Windows app development", pelase refer to this document for details.

    Best Regards,

    Xavier Eoro


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    Monday, June 13, 2016 8:31 AM