Thursday, March 20, 2014

Windows Phone 8 development - setup https with self-signed certificate in virtual machine

Phone applications commonly talk to their services over https so that data is protected in transit. Setting up https requires a certificate. For a production environment it can be purchased from a trusted CA provider such as GoDaddy. For a development environment it can be generated locally with the Microsoft Certificate Creation Tool, makecert.exe.

Before we start, the environment needs to be ready. Please see my previous post, Setup Windows Phone 8 Dev environment in virtual machine, for this.

Let’s go through it step by step.



The self-signed certificate

The certificate subject name and key file name must match the website name, and the Emulator knows the development machine’s IP address, so we need to use the development machine’s IP address as the certificate subject name and key file name.

Find the development machine’s IP address for the Emulator

Fire up the Visual Studio command prompt as administrator, type ipconfig and press Enter. Two adapters should appear in the results. Pick the IP address under the Windows Phone Emulator one. In my example it is 169.254.80.80.




First we need to create a certificate to act as the root certificate authority. Still in the command prompt window, execute the following line:

makecert -n "CN=169.254.80.80" -r -sv 169.254.80.80.pvk 169.254.80.80.cer

Input the password for the private key then press OK.


Input the password again then press OK.




Go to the folder and we should see the two files just created: one is the certificate file, the other is the private key file.




Then we need to install the root certificate authority on the development machine.

Open the certificates management console for the local machine. Right click the Certificates folder under Trusted Root Certification Authorities, choose All Tasks -> Import...




Import the certificate file just created. After the import it should appear in the Trusted Root Certification Authorities/Certificates folder.




Then we need to create the temporary certificate, signed by the root CA just imported, and install it on the development machine.

In the command prompt execute this line:

makecert -sk testcert -iv 169.254.80.80.pvk -n "CN=169.254.80.80" -ic 169.254.80.80.cer -sr localmachine -ss my -sky exchange -pe

Input the private key password then press OK and it should succeed.




Now the testcert is available for binding in IIS.
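
A quick check of the result of the two makecert steps, as an added example that is not part of the original post: a small C# console program that looks up the certificate in the LocalMachine\My store the same way the WCF identity setting later on this page does (FindBySubjectName), then confirms it has a private key and chains to the imported root. The class name DevCertCheck is made up for illustration; the IP address is the one used on this page.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;

// Added example: verifies the certificate created by the makecert steps above.
static class DevCertCheck
{
    const string Subject = "169.254.80.80"; // emulator-facing IP used on this page

    static int Main()
    {
        var my = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        my.Open(OpenFlags.ReadOnly);
        try
        {
            // validOnly: false, so the certificate is listed even if its chain is broken.
            var found = my.Certificates.Find(X509FindType.FindBySubjectName, Subject, false);
            int usable = 0;
            foreach (X509Certificate2 cert in found)
            {
                // FindBySubjectName is a case-insensitive substring match,
                // so keep only certificates whose CN is exactly the IP address.
                if (cert.GetNameInfo(X509NameType.SimpleName, false) != Subject) continue;

                var chain = new X509Chain();
                // A local makecert root publishes no CRL, so skip revocation checking.
                chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
                bool trusted = chain.Build(cert);

                Console.WriteLine("Thumbprint : " + cert.Thumbprint);
                Console.WriteLine("Expires    : " + cert.NotAfter.ToString("u"));
                Console.WriteLine("Private key: " + cert.HasPrivateKey);
                Console.WriteLine("Chain ok   : " + trusted);
                foreach (X509ChainStatus s in chain.ChainStatus)
                    Console.WriteLine("  " + s.Status + ": " + s.StatusInformation.Trim());

                if (trusted && cert.HasPrivateKey) usable++;
            }
            Console.WriteLine(usable > 0 ? "Ready for the IIS https binding."
                                         : "No usable certificate for CN=" + Subject);
            return usable > 0 ? 0 : 1;
        }
        finally { my.Close(); }
    }
}
```

If "Chain ok" is False with an untrusted-root status, the root certificate import into Trusted Root Certification Authorities did not take effect for the local machine store.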



Setup a https website in IIS

In IIS add a website with the binding type https. In the SSL certificate dropdown list choose the one with the development machine IP address as the name, which was created previously.




Select the website just added, then click the Browse *:443 (https) link in the right side panel.




It should show a warning message, which is expected.




Change the URL from localhost to the IP address and it should be fine.




Now let’s create a simple WCF service and deploy it to the https website we just added.

Add a WCF Service Application project in Visual Studio.




When it is created it contains a sample service, Service1.svc. We will use it for demonstration purposes.

Before publishing it to the website we added in IIS, we need to do some configuration in web.config.

In the solution explorer right click the web.config file then choose Edit WCF Configuration.

In the Configuration Editor click Create a new service for Service1.svc and follow the wizard. Remember to choose HTTP and leave the endpoint address empty.




Once it is created, click Host under the new service and add a base address, which is the https IP address.




Click the (Empty Name) under Endpoints. In the General tab on the right side, set the binding type to basicHttpsBinding.




In Identity tab choose FindBySubjectName for X509FindType, then input the IP address for the FindValue.




Make sure the value for HttpsGetEnabled in ServiceMetadata settings under Service Behaviors is set to True.




Save the configuration changes, then publish the WCF service to the folder that was set up for the website.

Once the website is published, open the service in a browser. It should report that the service is up and running.




Launch WCF Service Test Client. It should be located at \Microsoft Visual Studio 11.0\Common7\IDE\.

In the tool add the https service. It should be able to find the two methods defined in the service interface. Double click the GetData() method, input a value in the right side then click the button Invoke, it should receive a response with the expected value.




By now we are sure that the https service is working as expected.

Windows Phone 8 project

Let’s create a Windows Phone 8 application which invokes the https service just deployed.

Create a Windows Phone 8 project. Add a service reference to the https service.




In the MainPage.xaml add a button which points to a click method like this




Set the Windows Phone 8 project as the startup one if there are other projects in the solution.

Choose one of the Emulators from the dropdown list, then press F5.


The phone application should be running in the emulator. Click the button just created and it should throw a CommunicationException. The reason is that the self-signed certificate is not trusted in the emulator, so we need to install it in the emulator manually. If the certificate is from a trusted CA then this step is not needed.

Locate the certificate added under Trusted Root Certification Authorities, right click it then choose All Tasks -> Export.




During the export wizard choose the .P7B type. Export it with a proper file name and location.




Copy the exported file to the service folder. In the browser type the URL which points to the certificate file and make sure it can be downloaded successfully.




In the emulator launch IE, type the certificate file URL, then press Enter. Tip: pressing the Pause key on your keyboard enables you to type from your keyboard in the emulator.

It should show you a warning message. Click ‘Continue to website’.




Install the certificate.



After the certificate is installed successfully, go back to IE and type the service URL. It should not show any warning message again, which means the certificate is now a trusted one.



Run the phone application again and click the button, it should connect to the https service correctly this time.




The certificate stays in the emulator as long as the emulator is not closed. The next time the emulator is opened, you need to repeat the installation process in it.

Monday, March 17, 2014

Equals and "==" operator in C#

Came across an interesting blog here:

http://blogs.msdn.com/csharpfaq/archive/2004/03/29/102224.aspx

In summary:

Equals and the '==' operator in C# are an interesting topic. Polymorphism is behind this.

Reference type: by default (which means no Equals overriding or '==' operator overloading) both of them do reference comparison.

Value type: by default it doesn't support the '==' operator. If you define a struct and use the '==' operator to compare two of its instances, it won't compile. You need to overload the '==' operator in the struct. Equals checks value equality.

Equals is overridden and the '==' operator is overloaded. Remembering this will help you understand it.
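
The three cases summarized above, as an added example that is not taken from the linked blog or from the original post; the type names Tag, Fix and Position are made up for illustration. Each Expect call throws if the comparison does not behave as described.

```csharp
using System;

class Tag { public string Id; public Tag(string id) { Id = id; } }   // no overrides

struct Fix { public int Lat; public Fix(int lat) { Lat = lat; } }     // no operator ==

struct Position
{
    public int Lat;
    public Position(int lat) { Lat = lat; }
    public static bool operator ==(Position a, Position b) { return a.Lat == b.Lat; }
    public static bool operator !=(Position a, Position b) { return !(a == b); }
    public override bool Equals(object o) { return o is Position && (Position)o == this; }
    public override int GetHashCode() { return Lat; }
}

static class EqualityDemo
{
    static void Expect(bool expected, bool actual, string what)
    {
        if (expected != actual) throw new InvalidOperationException(what);
        Console.WriteLine("{0,-5} {1}", actual, what);
    }

    static void Main()
    {
        // Reference type without overrides: both compare references.
        Tag a = new Tag("A1"), b = new Tag("A1");
        Expect(false, a == b, "class, default ==: reference comparison");
        Expect(false, a.Equals(b), "class, default Equals: reference comparison");

        // string overloads == and overrides Equals. The overload is chosen from the
        // compile-time type, the override from the run-time type.
        object s1 = new string('x', 3), s2 = new string('x', 3);
        Expect(false, s1 == s2, "object-typed strings, ==: object's reference comparison");
        Expect(true, s1.Equals(s2), "object-typed strings, Equals: string.Equals runs");
        Expect(true, (string)s1 == (string)s2, "string-typed, ==: string's overload");

        // new Fix(1) == new Fix(1) does not compile (CS0019) until == is overloaded.
        Expect(true, new Fix(1).Equals(new Fix(1)), "struct, default Equals: field values");
        Expect(true, new Position(1) == new Position(1), "struct with overloaded ==");
    }
}
```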

A Windows Phone 8 Application Project Summary



Overview

Recently I did a Windows Phone 8 application project for the state government. It has an existing system for tracking and monitoring the tagged sharks in the oceans for research and alerting purposes. It has an internal administration website for maintaining the business data. The goal of this project is to implement a Windows Phone 8 application that can give the staff the ability to maintain the data by using mobile devices either online or offline when they are on boats doing the job, with some nice features such as giving the current location’s longitude and latitude.

Requirements

The main requirements include:


  • The user needs to input a six-digit number in order to use the functionalities
  • The user needs to be able to retrieve the data from the server if there is a connection
  • The user needs to be able to filter the data on the phone
  • The user needs to be able to create and update the data on the phone
  • The user needs to be able to push the changes back to server. If there is no connection the changes need to be saved on the phone
  • When there is a connection the user needs to be able to push the changes saved on the phone to the server
  • The phone needs to provide the location service to get the current location’s longitude and latitude
  • The communication between the phone and server needs to be secured
  • Only authorized phone devices can exchange data with the server
  • The data stored on the phone needs to be encrypted
  • The user interface needs to be user friendly

Technologies

The project used the following technologies


  • Windows 8 64-bit
  • Windows Phone 8
  • Visual Studio 2012
  • SQL Server Compact
  • Resharper 8.0
  • MVVM Light
  • Windows Phone Toolkit
  • Moq
  • Microsoft Windows Phone Unit Testing
  • Https WCF services

Security

The security is implemented from the following aspects:

  • Windows phone lock screen
  • Mobile application pin number screen  
  • Local data encryption
  • Data transportation security
  • Device authorization process

Windows phone lock screen


The user’s Windows Phone devices are required to set up a lock screen with a pin number. The phone should be auto-locked if it is not attended for some time (recommended: 5 to 10 minutes).

Mobile application pin number screen


When the mobile app is launched, it displays a pin number screen. The user needs to input a correct six-digit pin number by tapping the numbers on the screen before the user can access any of the application functionalities.

Local data encryption


The mobile application uses a SQL Server Compact database to store the data on the phone. The database is encrypted by using the algorithms provided by .NET Framework 4.5: the database is encrypted with AES-128 and the password is hashed with SHA-256.

Data transportation security


The data exchanged between the Windows Phone and the services is encrypted by using https, which provides secured communication over a computer network. This makes sure all data is transferred between the phone device and the trusted services securely, with the encryption backed by a valid certificate from a trusted CA.

Device authorization process
Since the Windows Phone 8 operating system does not support client certificates, the mobile application embeds its device unique ID in the message header of every request sent to the service. The service validates the device unique ID against a list of authorized device IDs on every request before it processes any actual data. This makes sure that only authorized devices are allowed to consume the business data.
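
One way to implement the service-side check described above, as an added example that is not the project's own code: a WCF message inspector that rejects a request before the operation runs unless its device ID header is on the allowlist. The header name and namespace, the class names, and the idea of passing the allowlist in as a string array are assumptions; the page does not give them.

```csharp
using System;
using System.Collections.Generic;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Description;
using System.ServiceModel.Dispatcher;

// Rejects any request whose device ID header is missing or not on the allowlist.
public sealed class DeviceIdInspector : IDispatchMessageInspector
{
    // Assumed header name and namespace; the page does not specify them.
    public const string HeaderName = "DeviceId";
    public const string HeaderNamespace = "urn:example:device-auth";

    private readonly HashSet<string> _authorized;

    public DeviceIdInspector(IEnumerable<string> authorizedIds)
    {
        _authorized = new HashSet<string>(authorizedIds, StringComparer.Ordinal);
    }

    public object AfterReceiveRequest(ref Message request, IClientChannel channel,
                                      InstanceContext instanceContext)
    {
        // Runs before the operation is invoked, so no business data is touched yet.
        int index = request.Headers.FindHeader(HeaderName, HeaderNamespace);
        string deviceId = index >= 0 ? request.Headers.GetHeader<string>(index) : null;

        if (string.IsNullOrWhiteSpace(deviceId) || !_authorized.Contains(deviceId.Trim()))
            throw new FaultException("Device is not authorized."); // same text for both cases
        return null; // no correlation state needed
    }

    public void BeforeSendReply(ref Message reply, object correlationState) { }
}

// Attaches the inspector to an endpoint, e.g. endpoint.Behaviors.Add(new DeviceIdBehavior(ids)).
public sealed class DeviceIdBehavior : IEndpointBehavior
{
    private readonly string[] _ids;
    public DeviceIdBehavior(string[] ids) { _ids = ids; }
    public void ApplyDispatchBehavior(ServiceEndpoint endpoint, EndpointDispatcher dispatcher)
    {
        dispatcher.DispatchRuntime.MessageInspectors.Add(new DeviceIdInspector(_ids));
    }
    public void AddBindingParameters(ServiceEndpoint e, BindingParameterCollection p) { }
    public void ApplyClientBehavior(ServiceEndpoint e, ClientRuntime r) { }
    public void Validate(ServiceEndpoint e) { }
}
```

The device ID is a fixed identifier rather than a secret, so this check relies on the https channel described under Data transportation security to keep it from being read in transit.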

Windows Phone App Policies

In order to be published on the Windows Phone App Store, the phone application needs to implement a list of App Policies. The policies can be found at

http://msdn.microsoft.com/en-us/library/windowsphone/develop/hh184841(v=vs.105).aspx


SMN Mobile application implemented two policies:


  • clause 2.7 which is related to location service
  • clause 2.8 which is related to acquiring phone device information


Sunday, March 16, 2014

Setup Windows Phone 8 Dev environment in virtual machine

Windows Phone SDK 8.0 enables us to develop Windows Phone 8 mobile applications. There are two key requirements for installing Windows Phone SDK 8.0:

  • Hardware-assisted virtualization (make sure it is enabled in BIOS)
  • 64-bit version of Windows 8 Pro edition or higher

Here are the steps:


1. Install Windows 8 X64 in VMWare Workstation. Make sure that in the Virtual Machine settings, under the section Virtualization engine, the option 'Intel VT-x/EPT or AMD-V/RVI' is enabled.



2. Power on the virtual machine and enable the Hyper-V components in Windows Features.



However, you may find that the Hyper-V Platform feature is disabled. In order to enable it, which is essential for Windows Phone 8 development, we need to make a small configuration change.


3. Power off the virtual machine. Go to the virtual machine folder and open the *.vmx file in Notepad.



Add the line below and save.


hypervisor.cpuid.v0 = "FALSE"





4. Power on the virtual machine, go to the Windows Features and you will find the feature is enabled now. Tick all the features under Hyper-V then click OK.





5. Install Visual Studio 2012 and its latest updates.


6. Install Windows Phone SDK 8.0 and its latest updates. During the installation you may get an error message. 



The trick to solve this weird problem is changing the system date to 1st October, 2013.


7. After the installations complete, fire up Visual Studio 2012 and create a Windows Phone 8 project.





8. Choose one of the emulators then press F5.





9. The application is launched in the emulator, which means the development environment is ready to go.