Learn how to manage information that is important to the user: how to enable the password vault to use roaming credentials, how to authenticate users with Live services, how to set up single sign-on (SSO), and how to manage user contacts.
Credential roaming
Apps can now store the user's password in the password vault by using the Windows.Security.Credentials namespace. Users can enable roaming by connecting their Windows 8 computers to the cloud by using their Microsoft account. This automatically allows the user's credentials to roam to all of the user's trusted computers whenever the user signs in with a Microsoft account.
For example, suppose you have a desktop computer and a tablet PC that are both running Windows 8. You connect your desktop computer to the cloud by signing in with your Microsoft account. Next you sign in to your favorite social media app to see the latest news. Later that day, as you are commuting home on the bus, you pull out your tablet and sign in using your Microsoft account. You start that same social media app and you are automatically signed in because your password is already in the password vault, having been synced through the cloud with your desktop computer. For more info, see the Storing user credentials topic.
Single sign-on with a Microsoft account
An app or a website can also support signing in with Microsoft account directly. On a Windows 8 computer, a user can link a local account on that computer with his or her Microsoft account. Then, when the user signs in to the computer using that Microsoft account, any Windows Store app that supports Microsoft account sign-in can automatically detect that the user is already authenticated and the app doesn't require the user to sign in again. The advantage of this over credential roaming is that Microsoft account works for websites and apps. This means that you, as the app developer, don't have to create your own authentication system. See Single sign-on with Microsoft accounts.
For web browsers, if a user is signed into Windows 8 with a Microsoft account, we enable single sign-in to web sites that allow for authentication with a Microsoft account. To support single sign-in, web browsers can read the data from the registry location at HKEY_CURRENT_USER\Software\Microsoft\AuthCookies\Live\Default. Each key under the Default root contains data to be written as an individual cookie. Each cookie can have these values:
- Name: Name of the cookie to be written
- Data: cookie data to be written
- URL: Domain the cookie must be written in
See InternetSetCookie for more details on setting cookies for browsers.
Single sign-on with web authentication broker
Apps can use the web authentication broker by using the Windows.Security.Authentication.Web namespace. This isolates the user's credentials from the application. The broker is the facilitator that communicates with the app. Making use of the web authentication broker on a website that has followed the steps for online providers means that users are prompted only once to sign in to that website. For more info, see the Setting up single sign-on topic.
Managing user contacts
Apps can also work with user contacts using the Windows.ApplicationModel.Contacts and Windows.ApplicationModel.Contacts.Provider namespaces. When working with contacts, apps can choose to get contact information from other apps, such as Live, or to provide contacts to other apps. For more information, see Managing user contacts.
Related topics
Build date: 12/7/2012
