User signs in to Windows
User is signed in to your app
1 2
Slide 12
Secure storage
Credential isolation
Roaming
Slide 13
My Photo App
App Foo
Slide 14
My Photo App, Desktop PC
SkyDrive (Microsoft Account)
My Photo App, Tablet PC
Slide 17
Typical OAuth flow
Parties: User, Application, Online service
1. Authorization Request (Start URL)
2. Login page
3. Credentials
4. Authorization page
5. User decision
6. Authorization token (Redirect URL)
7. Data access
Slide 18
No browser control
No credential isolation
Slide 19
Web auth broker
Parties: User, Windows Store app, Web authentication broker (WinRT Dialog), Online service
1. Authorization request (Start URL)
2. Login page
3. Credentials
4. Authorization page
5. User decision
6. Authorization token (Redirect URL)
7. Data access
Slide 21
Easy to use
Credential isolation
Supports secure SSO
Slide 22
Architecture
[Diagram with steps 1, 2, 3a, 3b, 4, 5, 6. Labels: Apps; App Container; Medium Integrity Level; Different App Container]
Slide 23
SSO mode allows users to authenticate to services without having to re-enter credentials every time
WAB supports SSO
Apps need to opt-in
Slide 24
[Diagram layers: Kernel Mode; User Mode (App Container); User Mode (Medium)]
https://contoso.com
MyPhotoApp, SID: S-1-5-4321
Contoso verifies the redirect URL for its apps (e.g. MyPhotoApp registered ms-app://S-1-5-4321)
Request: https://contoso.com?ContosoAppID=MyPhotoApp, redirectURI=ms-app://S-1-5-4321,
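The redirect URL check named on this slide, sketched from the online service's side. This is an added example, not code from the presentation or from any Microsoft API. It assumes standard &-separated query parameters using the slide's names ContosoAppID and redirectURI, and a constructed in-memory registration table holding the slide's sample SID.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed registry (assumption): app ID -> redirect URI registered with
# the service. The SID is the sample value shown on the slide.
REGISTERED_REDIRECTS = {"MyPhotoApp": "ms-app://S-1-5-4321"}


def verify_authorization_request(url, registry=REGISTERED_REDIRECTS):
    """Return (ok, reason) for an incoming authorization request URL."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    app_ids = query.get("ContosoAppID", [])
    redirects = query.get("redirectURI", [])
    # Reject repeated parameters: different parsers may pick different copies.
    if len(app_ids) != 1 or len(redirects) != 1:
        return False, "missing or repeated parameter"

    registered = registry.get(app_ids[0])
    if registered is None:
        return False, "unknown app"

    redirect = urlsplit(redirects[0])
    expected = urlsplit(registered)
    if redirect.scheme != "ms-app":
        return False, "redirect is not an ms-app:// URI"
    # Whole-authority comparison: no prefix or substring matching, so a longer
    # SID or an added userinfo/host part cannot pass as the registered one.
    if redirect.netloc.upper() != expected.netloc.upper():
        return False, "redirect SID does not match registration"
    if redirect.path not in ("", "/") or redirect.query or redirect.fragment:
        return False, "unexpected path, query or fragment"
    return True, "ok"


if __name__ == "__main__":
    base = "https://contoso.com?ContosoAppID=MyPhotoApp&redirectURI="
    for candidate in ("ms-app://S-1-5-4321", "ms-app://S-1-5-43210"):
        print(candidate, verify_authorization_request(base + candidate))
```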
Slide 25
Header color
Title text
Icon
Stylized web page to do the following:
Slide 28
Inconsistent account UX
Extra work for you
Slide 30
Intuitive & consistent account UX
Saves you time
Slide 32
Key takeaways
Sign in once. And that's it.
Microsoft Account & Services - Live SDK
Online service providers - WebAuthBroker
Optimize your online service for best results
Cred Management - Credential Locker
Accounts UX Accounts Control
Sign up or give up?