Windows Phone 8.0 MDM enrollment process: how to set it up on a LAN?

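  • Question

  • I want to build an MDM application on WP8. First, a user has to be enrolled on the phone via Settings -> Company apps -> Add. I need to simulate an environment on the LAN to test and verify this enrollment process (there is no real environment yet). What needs to be done on the server side? It seems quite troublesome. Thanks!


    May 2, 2014 9:51

Answers

All replies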

  • Hello,

    Please refer to your previous post: http://social.msdn.microsoft.com/Forums/zh-CN/f9ea6e82-9a3d-42a1-8e2b-ca1585a81637/windows-phone-mdm?forum=wpappszh

    In that post I pointed to a TechNet link; please refer to: http://technet.microsoft.com/en-us/library/dd261827.aspx

    If you have any questions, please reply in the original thread.

    Thanks!



    May 5, 2014 1:40
    Moderator
  • Hello Yang

    My MDM enrollment on WP has reached the last step, RequestSecurityToken and RequestSecurityTokenResponse,

    and I don't quite understand this part.

    For example, the client POST request:

    POST /EnrollmentServer/DeviceEnrollmentWebService.svc HTTP/1.1
    Content-Type: application/soap+xml; charset=utf-8
    User-Agent: Windows Phone 8 Enrollment Client
    Host: enrolltest.contoso.com
    Content-Length: 3242
    Cache-Control: no-cache
    <s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"
    xmlns:a="http://www.w3.org/2005/08/addressing"
    xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" 
    xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
    xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512"
    xmlns:ac="http://schemas.xmlsoap.org/ws/2006/12/authorization">
    <s:Header>
    <a:Action s:mustUnderstand="1">
    http://schemas.microsoft.com/windows/pki/2009/01/enrollment/RST/wstep
    </a:Action>
    <a:MessageID>urn:uuid:0d5a1441-5891-453b-becf-a2e5f6ea3749</a:MessageID>
    <a:ReplyTo>
    <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
    </a:ReplyTo>
    <a:To s:mustUnderstand="1">
    https://enrolltest.contoso.com:443/ENROLLMENTSERVER/DEVICEENROLLMENTWEBSERVICE.SVC
    </a:To>
    <wsse:Security s:mustUnderstand="1">
    <wsse:BinarySecurityToken wsse:ValueType=
    "http://schemas.microsoft.com/5.0.0.0/ConfigurationManager/Enrollment/DeviceEnrollmentUserToken"
    wsse:EncodingType=
    "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd#base64binary"
    xmlns=
    "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
    B64EncodedSampleBinarySecurityToken
    </wsse:BinarySecurityToken>
    </wsse:Security>
    </s:Header>
    <s:Body>
    <wst:RequestSecurityToken>
    <wst:TokenType>
    http://schemas.microsoft.com/5.0.0.0/ConfigurationManager/Enrollment/DeviceEnrollmentToken
    </wst:TokenType>
    <wst:RequestType>
    http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType>
    <wsse:BinarySecurityToken
    ValueType="http://schemas.microsoft.com/windows/pki/2009/01/enrollment#PKCS10"
    EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd#base64binary">
    MIICcTCCAV0CAQAwMDEuMCwGA1UEAxMlQjFDNDNDRDAtMTYyNC01RkJCLThFNTQtMzRDRjE3REZEM0ExADCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN3RDEkXYSzsqqyPtES8Kc7ZXcNgLN+AT/3gKrz34QHBIyakA+HHHg+Kr5Tw72kjp3vS4HgbUvUpOpImow2dPB5iq1L7xBYhks9edSu3H+/BvB+NnTTEGYg7EFm0iahdy1qUsOdpWCKXJBOyAlJOzktuj44EyER6Puo0/LCF9zgTmdegYECRpARgyJObNHx5VZYdIx2FKh8FiK/+gOwdnl9jX+9qnC6UrE0g+0nmTzonH7ETYCmldRIBEn91qy/HlPNDWNp1cojWXXNsoeGrYyKSNDzbwp6Dicj56JDNmbW9XTE/J5wwUbgLjap+adsSr5LWnyscRs5QJ4bZsW6G1L8CAwEAAaAAMAkGBSsOAwIdBQADggEBADxkVW6wn2hbKVEuvaGHIngpxL0437RQRcpkMSZ2FMQxlyBPScmiltIdGpZo7VDjyHK2pAzd72vtMuMdBi950NaHJy0tljDancxVNW72MEUJ9WZrX0ksmkNNPYwCfMN7qYuNI9hGjFr3LeZDmmqYcsPebTgiTWcg8eMtyNg8RS/FTZPCkPAjl9OtZMABMPvPekd+k0Z54eUs0EDgtVI7xPUwxw3vHi+0Q9irG7j7BQbq2l2fQ/8+16qj6SwbffoBgeWfi82+djvISJ0OjBtMAWjhwMV+Gcg09h3N0JP+Rh8fQWYGXy/YNKmJiUjLvka/dSQffmuFssTJITZLXevyb9Q=
    </wsse:BinarySecurityToken>
    <ac:AdditionalContext xmlns="http://schemas.xmlsoap.org/ws/2006/12/authorization">
    <ac:ContextItem Name="DeviceType">
    <ac:Value>WindowsPhone</ac:Value>
    </ac:ContextItem>
    <ac:ContextItem Name="ApplicationVersion">
    <ac:Value>8.0.9846.0</ac:Value>
    </ac:ContextItem>
    </ac:AdditionalContext>
    </wst:RequestSecurityToken>
    </s:Body>
    </s:Envelope>

    The client will carry a

    In the documentation Microsoft provides, the RSTR message is as follows:

    HTTP/1.1 200 OK
    Cache-Control: private
    Content-Length: 10231
    Content-Type: application/soap+xml; charset=utf-8
    Server: Microsoft-IIS/7.0
    Date: Fri, 03 Aug 2012 00:32:59 GMT
    <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:a="http://www.w3.org/2005/08/addressing"
    xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <s:Header>
    <Action s:mustUnderstand="1" >
    http://schemas.microsoft.com/windows/pki/2009/01/enrollment/RSTRC/wstep
    </Action>
    <a:RelatesTo>urn:uuid:81a5419a-496b-474f-a627-5cdd33eed8ab</a:RelatesTo>
    <o:Security s:mustUnderstand="1" xmlns:o=
    "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> 
    <u:Timestamp u:Id="_0">
    <u:Created>2012-08-02T00:32:59.420Z</u:Created>
    <u:Expires>2012-08-02T00:37:59.420Z</u:Expires>
    </u:Timestamp>
    </o:Security>
    </s:Header>
    <s:Body>
    <RequestSecurityTokenResponseCollection
    xmlns="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
    <RequestSecurityTokenResponse>
    <TokenType>
    http://schemas.microsoft.com/5.0.0.0/ConfigurationManager/Enrollment/DeviceEnrollmentToken
    </TokenType>
    <RequestedSecurityToken>
    <BinarySecurityToken
    ValueType=
    "http://schemas.microsoft.com/5.0.0.0/ConfigurationManager/Enrollment/DeviceEnrollmentProvisionDoc"
    EncodingType=
    "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd#base64binary"
    xmlns=
    "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
    B64EncodedSampleBinarySecurityToken
    </BinarySecurityToken>
    </RequestedSecurityToken>
    <RequestID xmlns="http://schemas.microsoft.com/windows/pki/2009/01/enrollment">0
    </RequestID>
    </RequestSecurityTokenResponse>
    </RequestSecurityTokenResponseCollection>
    </s:Body>
    </s:Envelope>

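    What token needs to be filled in for the B64EncodedSampleBinarySecurityToken shown in black type,

    where does the XML below need to go, and what needs to be filled in for the black B64 values in the XML below?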

    Sample provisioning XML (presented in the preceding package as a security token):
    <wap-provisioningdoc version="1.1">
    <characteristic type="CertificateStore">
    <characteristic type="Root">
    <characteristic type="System">
    <characteristic type="031336C933CC7E228B88880D78824FB2909A0A2F">
    <parm name="EncodedCertificate" value="B64 encoded cert insert here" />
    </characteristic>
    </characteristic>
    </characteristic>
    <characteristic type="My" >
    <characteristic type="User">
    <characteristic type="F9A4F20FC50D990FDD0E3DB9AFCBF401818D5462">
    <parm name="EncodedCertificate" value="B64EncodedCertInsertedHere" />
    </characteristic>
    <characteristic type="PrivateKeyContainer"/>
    <!-- This tag must be present for XML syntax correctness. -->
    </characteristic>
    <characteristic type="WSTEP">
    <characteristic type="Renew">
    <!-- If the datatype for ROBOSupport, RenewPeriod, and RetryInterval tags exist,
    they must be set explicitly. -->
    <parm name="ROBOSupport" value="true" datatype="boolean"/>
    <parm name="RenewPeriod" value="60" datatype="integer"/>
    <parm name="RetryInterval" value="4" datatype="integer"/>
    </characteristic>
    </characteristic> 
    </characteristic>
    </characteristic>
    <characteristic type="APPLICATION">
    <parm name="APPID" value="w7"/>
    <parm name="PROVIDER-ID" value="TestMDMServer"/>
    <parm name="NAME" value="Microsoft"/>
    <parm name="ADDR" value="https://DM.contoso.com:443/omadm/WindowsPhone.ashx"/>
    <parm name="CONNRETRYFREQ" value="6" />
    <parm name="INITIALBACKOFFTIME" value="30000" />
    <parm name="MAXBACKOFFTIME" value="120000" />
    <parm name="BACKCOMPATRETRYDISABLED" />
    <parm name="DEFAULTENCODING" value="application/vnd.syncml.dm+wbxml" />
    <parm name="SSLCLIENTCERTSEARCHCRITERIA" value=
    "Subject=DC%3dcom%2cDC%3dmicrosoft%2cCN%3dUsers%2cCN%3dAdministrator&amp;Stores=My%5CUser"/>
    <characteristic type="APPAUTH">
    <parm name="AAUTHLEVEL" value="CLIENT"/>
    <parm name="AAUTHTYPE" value="DIGEST"/>
    <parm name="AAUTHSECRET" value="password1"/>
    <parm name="AAUTHDATA" value="B64encodedBinaryNonceInsertedHere"/>
    </characteristic>
    <characteristic type="APPAUTH">
    <parm name="AAUTHLEVEL" value="APPSRV"/>
    <parm name="AAUTHTYPE" value="BASIC"/>
    <parm name="AAUTHNAME" value="testclient"/>
    <parm name="AAUTHSECRET" value="password2"/>
    </characteristic>
    </characteristic>
    <characteristic type="DMClient"> <!-- Starting with Windows Phone 8.1, an enrollment server
    should use DMClient CSP XML to configure DM polling schedules. The polling schedule registry
    keys will be deprecated after Windows Phone 8.1.-->
    <characteristic type="Provider">
    <!-- ProviderID in DMClient CSP must match to PROVIDER-ID in w7 APPLICATION characteristics -->
    <characteristic type="TestMDMServer">
    <characteristic type="Poll">
    <parm name="NumberOfFirstRetries" value="8" datatype="integer" />
    <parm name="IntervalForFirstSetOfRetries" value="15" datatype="integer" />
    <parm name="NumberOfSecondRetries" value="5" datatype="integer" />
    <parm name="IntervalForSecondSetOfRetries" value="3" datatype="integer" />
    <parm name="NumberOfRemainingScheduledRetries" value="0" datatype="integer" />
    <!-- In Windows Phone 8.1, MDM push is supported for real-time communication. The DM client 
    long term polling schedule’s retry waiting interval should be more than 24 hours (1440) to 
    reduce the impact to data consumption and battery life. Refer to the DMClient Configuration 
    Service Provider section for information about polling schedule parameters.-->
    <parm name="IntervalForRemainingScheduledRetries" value="1560" datatype="integer" />
    </characteristic>
    <parm name="EntDeviceName" value="Administrator_WindowsPhone" datatype="string" />
    </characteristic>
    </characteristic>
    </characteristic>
    <characteristic type="EnterpriseAppManagement">
    <characteristic type="1">
    <parm datatype="string" name="EnrollmentToken" value="AppEnrollTokenInsertedHere"/>
    <parm datatype="string" name="StoreProductId"
    value="{92A7F577-6F01-243F-8399-088E0DC40656}"/>
    <parm datatype="string" name="StoreURI"
    value="HTTPS://DM.contoso.com:443/EnrollmentServer/clientcabs/EnterpriseApp1.xap"/>
    <parm datatype="string" name="StoreName" value="Contoso App Store"/>
    <!-- The value must be a URL encoded representation of the X.500 distinguished name of the
    client certificate's Subject property. -->
    <parm datatype="string" name="CertificateSearchCriteria" value="SearchCriteriaInsertedHere"/>
    <parm datatype="string" name="CRLCheck" value="0"/>
    </characteristic>
    </characteristic>
    </wap-provisioningdoc>
    NOTE 1: parm name and character


    May 9, 2014 1:39
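The sample quoted in the post describes the provisioning XML as "presented in the preceding package as a security token": the whole wap-provisioningdoc is base64-encoded and placed where the RSTR shows B64EncodedSampleBinarySecurityToken. The Python below is an added example (not from the thread or from Microsoft's documentation) of a LAN test server doing that: it pulls the MessageID and the PKCS#10 request out of the RST and wraps a provisioning document in an RSTR. Assumptions: the function names are hypothetical, the envelope copies the sample response without its Timestamp header, RelatesTo echoes the request's MessageID as WS-Addressing defines it, and issuing a certificate from the PKCS#10 request is not shown.

```python
import base64
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WST = "http://docs.oasis-open.org/ws-sx/ws-trust/200512"
NS = {"s": "http://www.w3.org/2003/05/soap-envelope",
      "a": "http://www.w3.org/2005/08/addressing", "wst": WST, "wsse": WSSE}
ENROLL = "http://schemas.microsoft.com/5.0.0.0/ConfigurationManager/Enrollment/"
WSTEP = "http://schemas.microsoft.com/windows/pki/2009/01/enrollment"

def parse_rst(soap_xml):
    """Return (MessageID, DER bytes of the PKCS#10 request) from the device's RST."""
    root = ET.fromstring(soap_xml)
    msg_id = root.findtext("s:Header/a:MessageID", default="", namespaces=NS).strip()
    path = "s:Body/wst:RequestSecurityToken/wsse:BinarySecurityToken"
    for tok in root.iterfind(path, NS):
        if tok.get("ValueType") == WSTEP + "#PKCS10":
            # The token text may be wrapped across lines; drop whitespace first.
            return msg_id, base64.b64decode("".join((tok.text or "").split()))
    raise ValueError("no PKCS#10 BinarySecurityToken in RequestSecurityToken")

def build_rstr(relates_to, provisioning_xml):
    """Build the RSTR: the whole wap-provisioningdoc, base64-encoded, is the token."""
    token = base64.b64encode(provisioning_xml.encode("utf-8")).decode("ascii")
    # Envelope layout and namespaces follow the sample response quoted in the thread.
    return f"""<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"
 xmlns:a="http://www.w3.org/2005/08/addressing">
<s:Header>
<a:Action s:mustUnderstand="1">{WSTEP}/RSTRC/wstep</a:Action>
<a:RelatesTo>{escape(relates_to)}</a:RelatesTo>
</s:Header>
<s:Body>
<RequestSecurityTokenResponseCollection xmlns="{WST}">
<RequestSecurityTokenResponse>
<TokenType>{ENROLL}DeviceEnrollmentToken</TokenType>
<RequestedSecurityToken>
<BinarySecurityToken ValueType="{ENROLL}DeviceEnrollmentProvisionDoc"
 EncodingType="{WSSE}#base64binary" xmlns="{WSSE}">{token}</BinarySecurityToken>
</RequestedSecurityToken>
<RequestID xmlns="{WSTEP}">0</RequestID>
</RequestSecurityTokenResponse>
</RequestSecurityTokenResponseCollection>
</s:Body>
</s:Envelope>"""
```

Base64 is only an encoding: everything in the provisioning document, including the AAUTHSECRET values, is readable by anyone who can see the response, so even a LAN test server should answer over HTTPS as the sample's To address does.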
  • Hello,

    Regarding this part, please refer to: Windows Phone 8 Enterprise Device Management Protocol

    There is also a post here that you can refer to: http://stackoverflow.com/questions/16544610/mdm-enrollment-service-certificates-in-provisioning-xml

    Thanks!

    May 9, 2014 2:19