Have couple questions about how works Windows Store experiments:
Preinstalled apps. No signing with ms account. No internet connection.
Which data expected in this case for user? The local default data(see example) or default data that point at store's experiment at the release moment?
ex: value = _variation.GetString("buttonBackgroundColor", "#FFA3A3A3")
How Store's experiment identity the app? by device? by ms account? Or how app take part at statistics?
Which data expected in this case for user? The local default data(see example) or default data that point at store's experiment at the release moment?
I think no data will be collected if a user uses the app without internet connection. And you can post this question at the bottom of this page.
How Store's experiment identity the app? by device? by ms account? Or how app take part at statistics?
Each app in the store has it's identity for recognition, which is unique, and you can view the details from your Dev Center Dashboard: click App Management>App identity. Store detects an app by Store ID.
Related
I was asked by a potential client if I can have my software interact with Esri/ArcGIS Online.
Use case: users is logged into SomeRandomSoftwareApp and is looking at a Widget, this Widget includes an Esri asset id, the user clicks a link that passes that ID to Esri/ArcGIS Online and behind the scenes the user is logged into Esri and they see the data associated with the Esri/ArcGIS Online.
Thanks, Keith
If I understand correctly, you have two options for this: API Keys or Application Credentials.
The first one, is a permanent token generated by the owner of the data that will allow the application easy access to it. This is still in beta, and it was not ready for use the last time I check some time ago.
The second one, the owner of the data will generate credentials for your application. With this credentials you will have to request a token each time you want to access the data, all this via OAuth 2.0.
Check the docs for more details ArcGIS Services - Security
Wanted to discuss under-the-hood information about how session is managed in case of mobile apps - native, hybrid and web applications?
Please validate below Session Management scenarios:
Native (Android/iOS) application
Using Session Cookies: Session cookies are stored in your DefaultHttpClient object. Instead of creating a new DefaultHttpClient (AFNetworking in iOS) for every request, hold onto it and reuse it, and your session cookies will be maintained.
Hybrid (JET, ionic, Angular, Cordova) application
Use localStorage to store the user info after a successful login. On logout clear the localStorage.
Web-HTML5 apps
Attribute-SessionStorage in HTML5: Can be used by the sites to add data to the session storage, and it will be accessible to any page from the same site opened in that window i.e session and as soon as you close the window, session would be lost.
Thanks and Regards,
Rohit
Old way of managing sessions is via cookies.
How it works? When your user enter username and password in your login screen, you give him a session cookie. This cookie is maintained every interaction within your user browser and your web site.
You need to maintain this cookie in your server side. In addition to this session cookie, web sites hold additional information about user in server side session too.
What is problem of this approach?
Inherently, it is not scale-able.
If your user numbers are not high, you can hold this session cookies and additional information in one web server. But if user numbers are high, you need to solve with this with different approaches, like holding this session information in a database or session server.
What is new way of storing sessions
Modern browsers has a local storage capacity. This local storage is ideal for non-critical information for users. Session storage is one session only and when user closes browser (tab), it is deleted. Local storage is for one site, and you need to explicitly delete it or users may choose to delete it.
Store any non-critical information here. If your users logs out from your site, delete them.
Hybrid (JET, ionic, Angular, Cordova) application
A Cordova application is no different from web browser. Here you are sure that your user is only user in this computer (mobile phone); therefore, use exclusively local storage.
Native (Android/iOS) application
Use sqlite to hold your all session information. Never use cookie authorization with native application, it is unnecessary and not scale-able. Use token authorization.
All applications.
For all applications use your login screen to get authorization token, for example JWT token and store it in your application.
web application - local storage
hybrid application mobile - local storage
native application - sqlite
Read difference between cookie authorization vs token authorization here.
Confidential Information
Do not store any confidential information (password, credit card ..) in any of these storage. Store them in your database, and show them to user case by case.
We have a user who gave consent for our Cloud Project to read their Fit data through the Android app. We now want user's coach to access their Fit data through a web UI associated with our Cloud Project. Is this possible, and if so, what is the right way to do it?
Can cross-client identity be used? https://developers.google.com/identity/protocols/CrossClientAuth
I was trying to replace "me" with "user#gmail.com" in the REST endpoint but it doesn't work:
https://www.googleapis.com/fitness/v1/users/me/... ->
https://www.googleapis.com/fitness/v1/users/user#gmail.com/...
Thanks!
There is a mechanism for Android apps to obtain offline access for web back-ends highlighted in the CrossClientAuth guide from your question. With offline access, you can theoretically serve or store that data in any way that the user has consented to. Any access controls of that data to another person is something that you'd have to handle on your own.
Am developing a Windows Store 8.1 app using C# and xaml.
I am doing Single sign on using Azure Active Directory Account login.
I do not want users to be redirected to the Microsoft Account login screen, and then come back. I want to supply them with the login credential screen where we capture their username and password, and then we want to programatically do the authentication against Azure AD, and get back the claims identity.
How can i achieve this?
This is not a supported scenario for security concerns. One of the value propositions for AAD is that the password management, across the whole login lifecycle, is managed and secure. This is particularly important for scenarios in which AAD is securing a 3rd-party SaaS solution. A developer should not be able to have access to a user's credentials at any point.
All that said, it sounds like there is another question here which is answerable: How can I customize the login screen that AAD gives me?
AAD Premium does offer features for adding custom branding to your tenant. However, you still will be working with a screen that is provided for you.
Hi I have an HTML5 app which has a User Login. The app has a Notes option. I am looking for a service which would help me to sync the notes for that user account. So the same user can login in a different device and see the Notes in their device. I cannot use iCloud as Android doesnt support it.
We tried to store the notes in the user db using jsonp but still had some issues.
Someone mentioned about Pusher.com but looks like the service is expensive for a starter like us. Is there any more reliable and cheap options for us? W
Parse is probably more in line with what you are looking for. Pusher provides a service for sending push notifications, but you mentioned the need to store data in the cloud. Parse can accomplish this and does have a free basic plan that you can get started with.