IBM Worklight 6.1: Authenticated Push for Windows Phone 8

The only official resource available for authenticated push notification on Windows Phone 8 is http://msdn.microsoft.com/en-us/library/windows/apps/ff941099(v=vs.105).aspx but it doesn't meet the requirement. Can someone list the steps for authenticated push notifications on Windows Phone 8 using IBM Worklight 6.1?

Per the IBM Worklight user documentation:
To use an authenticated push notification service, you must first set
up a Secure Sockets Layer (SSL) certificate keystore. For more
information, see SSL certificate keystore setup. The keystore can
contain several certificates, one of which is the certificate for
authenticated push notifications to Microsoft Push Notification
Service (MPNS).
You must also authenticate your web service with Microsoft, as documented in the Windows Phone > Development Center at http://dev.windowsphone.com/en-us/develop/.
The serviceName attribute from the application descriptor is passed to
the application's client side, and is used when a new notification
channel is created. The URI token of the notification channel starts
with "https", rather than "http".
The keyAlias and keyAliasPassword
attributes are used by Worklight® Server to extract the certificate
from the Java™ keystore file, so that it can be used in the handshake
process with Microsoft Push Notification Service (MPNS). Any push
notifications submitted to the application will be authenticated and
secure.
The end result should look something like this:
<windowsPhone8>
    <pushSender>
        <authenticatedPush serviceName="myservice"
                           keyAlias="janedoe"
                           keyAliasPassword="a1b2c3d4"></authenticatedPush>
    </pushSender>
    ...
</windowsPhone8>
There is nothing else to it.
If you are encountering issues, you should probably actually note those in the question body.

Related

Mutual Certificate Authentication with Azure APIM

We have multiple devices which access a microservice via Azure APIM. Each device has a wrapper, for example a mobile wrapper which accesses the microservice. Now I want to do mutual certificate authentication in order to restrict the mobile wrapper from accessing the microservice directly via APIM. Hence we decided to install a client certificate at the mobile wrapper, which is hosted on Azure App Service, and a server certificate at Azure APIM to do authentication before connecting to the microservices. Similarly, we have multiple client certificates for individual device wrappers like WhatsApp bot, FB etc. which will be interacting with APIM. My question is whether this approach is feasible from an architecture perspective.
Sure that would work, just make sure that you actually test for a client certificate in APIM policy (context.Request.ClientCertificates) and validate them somehow. You could compare thumbprint to a predefined hardcoded value, or call .Validate on a certificate if all of them are issued by limited number of CA, and CA cert is uploaded into APIM.

How Chrome browser know which client certificate to prompt for a site?

I'm setting up certificate authentication for my project using Tomcat. It works ok for command line client such as cURL.
I have many client certificates installed in Chrome browser. Some are used to connect to my site, others are used for different purposes and are not related to my project.
Every time I connect to my site, Chrome presents a list of client certificates for choosing. These are exactly the certificates that I installed and not others. My questions are:
How does Chrome know which client certificates are for a site to present for choosing?
Tomcat stores those client certificates in its trust store. During the SSL handshake, Tomcat will request a client certificate. Does it request some specific certificates that it knows in its trust store so that Chrome knows what to show?
The client certificate authentication is ruled in the handshake phase of the SSL/TLS protocol implemented by browsers.
1. If the server requires client certificate authentication (it is optional), it sends a message to the client with the list of accepted certificate authorities (CAs). The list can be void if the server accepts any certificate.
2. The client selects the certificates installed in the client keystore which have been issued by any of these CAs, and presents the list to the user. In the case of Chrome, the browser selects the certificates installed by the user from the operating system's key store.
3. The user chooses a certificate, and the client performs a signature with the private key of the certificate over known data exchanged during the handshake.

Only certificates with a private key can be selected during step 2. This is the reason why the browser does not select the certificates of trusted CAs installed on your device. You do not own the private key.
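
The selection described in the answer above, modelled as an added JavaScript example (not part of the original answer and not Chrome's own code). The store entries and function names are constructed for illustration; the example goes slightly beyond the answer by also matching an accepted CA that sits further up a certificate's issuer chain, and it compares names as plain strings.

```javascript
// Constructed sample key store: subjects, issuers and key flags are invented.
const store = [
  { subject: "CN=alice", issuer: "CN=Project Issuing CA", hasPrivateKey: true },
  { subject: "CN=alice-vpn", issuer: "CN=Other Corp CA", hasPrivateKey: true },
  { subject: "CN=Project Issuing CA", issuer: "CN=Project Root CA", hasPrivateKey: false },
  { subject: "CN=Project Root CA", issuer: "CN=Project Root CA", hasPrivateKey: false },
  { subject: "CN=Other Corp CA", issuer: "CN=Other Corp CA", hasPrivateKey: false },
];

// Follow issuer links upward through the store and collect every CA name
// found on the way, stopping at a self-signed root or a missing issuer.
function issuerChain(cert, certs) {
  const chain = [];
  const seen = new Set();
  let current = cert;
  while (current && !seen.has(current.subject)) {
    seen.add(current.subject);
    chain.push(current.issuer);
    if (current.issuer === current.subject) break; // self-signed root
    current = certs.find((c) => c.subject === current.issuer);
  }
  return chain;
}

// acceptedCAs models the CA names the server sends with its certificate
// request; an empty list means the server did not restrict the issuer.
function candidateCertificates(certs, acceptedCAs) {
  return certs
    .filter((c) => c.hasPrivateKey) // no key, no handshake signature
    .filter(
      (c) =>
        acceptedCAs.length === 0 ||
        issuerChain(c, certs).some((ca) => acceptedCAs.includes(ca))
    )
    .map((c) => c.subject);
}

console.log(candidateCertificates(store, ["CN=Project Root CA"]));
console.log(candidateCertificates(store, []));
```

The CA certificates in the store never appear in the result because they carry no private key, which is the point the answer makes about trusted CAs.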

How to delete Proxy-Authorization Cache on Chrome extension?

I am building a "proxy client" extension for Chrome and I have the following scenario:
Users can log in to the extension and get a token from the API. Tokens are valid for 2 hours.
After login, users can select a proxy server from a list and that proxy is set with the chrome.proxy API.
I am using Squid on the proxy servers. When a user connects to a proxy server and lands on onAuthRequired, I return the email and token as authCredentials.
Chrome uses those credentials from cache until the token is not valid anymore and the proxy server responds "407, Proxy Authentication Required". Now the problem I am facing here is that when I log in with another username on the same browser and connect to the same proxy server, it still sends the old user's credentials to the server because they are still valid. My question is how I can delete Chrome's proxy auth cache so that it lands on onAuthRequired again and I can return the new user's credentials.
I tried to modify the response from the proxy server to "407, Proxy Authentication Required" when the user makes his first request over the proxy server to force an onAuthRequired, but it's not working. Chrome still uses the cache and still returns the old user's credentials to the proxy server.
Have you tried to hook up another event handler within the webRequest API in order to manipulate the http headers before Chrome takes on authentication?
E.g. onBeforeSendHeaders or onHeadersReceived

Push notification on windows phone 8.1 from hub

I developed a Windows Phone 8.1 application and registered that application to receive push notifications under our company account, then I created a hub in the Windows Azure account and copied the package ID and secret ID into that hub's configuration section.
I created a channel using PushNotificationChannelManager, then I registered the channel in the hub in the application start-up OnLaunched event. (Windows Phone 8.1)
I created a notification hub client and passed the toast template variable to the SendWindowsNativeNotificationAsync method. (Console application)
You could perform NH registration only for registered users, so only registered users would receive notifications.
It is also possible to perform NH registration via the backend (console application). Obviously, to do that your device application should get the channel and then pass it to the backend somehow (web services or similar). At this point you could enforce any authentication mechanisms, security checks, encryption or whatever you want before registering the channel in NH. The thing is that only the backend knows the NH connection string; it is not exposed with the client app and nobody else can create a registration, even using reverse engineering against the device app.
Click configure tab on azure hub, and choose "Enable unauthenticated push notifications" and save, it works!

The authentication header received from the server was 'NTLM,Negotiate'. in windows store apps

I have developed a Windows Store app that consumes a WCF service deployed on another server (not mine). Everything works fine until I set Anonymous Authentication to off; then I get an error message:
"The HTTP request is unauthorized with client authentication scheme 'Anonymous'.
The authentication header received from the server was 'NTLM,Negotiate'."
I have googled and found some solutions and applied them, but none of the solutions worked for me. The same WCF service works fine when accessed from another project, with no complaints, but when I use it with Windows 8 Store apps I get the above error.
Any Solution or Explanation is much appreciated.
Hi Dinesh Haraveer,
Please try using Enterprise authentication.
Windows domain credentials enable a user to log into remote resources using their credentials, and act as if a user provided their user name and password. The enterprise Authentication capability is typically used in line-of-business apps that connect to servers within an enterprise.
You don't need this capability for generic communication across the internet.
Please try looking into http://msdn.microsoft.com/en-us/library/windows/apps/hh464936.aspx