Wi-Fi WPA-Enterprise with TLS Profile Sample (Compact 2013)

  • Article

3/26/2014

This sample profile uses Extensible Authentication Protocol-Transport Level Security (EAP-TLS) with certificates to authenticate to the network.

This sample is configured to use Wi-Fi Protected Access (WPA) security running in Enterprise mode (WPA-Enterprise). The WPA-Enterprise security type uses 802.1X for the authentication exchange with the server. Encryption uses Temporal Key Integrity Protocol (TKIP).

The certificate store is the source of EAP-TLS credentials. If authentication based on the credentials in the certificate store does not work, it prompts the user to provide valid credentials. If the first try does not work, it does not use alternative servers, root certificate authorities, or user names for authentication.

<?xml version="1.0"?>
<WLANProfile xmlns="https://www.microsoft.com/networking/WLAN/profile/v1">
    <name>SampleWPAEnterpriseTLS</name>
    <SSIDConfig>
        <SSID>
            <name>SampleWPAEnterpriseTLS</name>
        </SSID>
        <nonBroadcast>false</nonBroadcast>
    </SSIDConfig>
    <connectionType>ESS</connectionType>
    <connectionMode>auto</connectionMode>
    <autoSwitch>true</autoSwitch>
    <MSM>
        <security>
            <authEncryption>
                <authentication>WPA</authentication>
                <encryption>TKIP</encryption>
                <useOneX>true</useOneX>
            </authEncryption>
            <OneX xmlns="https://www.microsoft.com/networking/OneX/v1">
                <EAPConfig>
                    <EapHostConfig xmlns="https://www.microsoft.com/provisioning/EapHostConfig" 
                                   xmlns:eapCommon="https://www.microsoft.com/provisioning/EapCommon">
                        <EapMethod>
                            <eapCommon:Type>13</eapCommon:Type> 
                            <eapCommon:AuthorId>0</eapCommon:AuthorId> 
                        </EapMethod>
                       <ConfigBlob><!-- This is empty. See note below --></ConfigBlob>
                   </EapHostConfig>
                </EAPConfig>
            </OneX>
        </security>
    </MSM>
</WLANProfile>

Remarks

The PEAP implementation ofWindows Embedded Compact supports only ConfigBlob, which contains all EAP configurations as a hexadecimal binary. For most settings, the value of ConfigBlob is empty.

Note

When ConfigBlob is empty, it uses the default EAP configuration. You can also customize ConfigBlob, which is the configuration binary of the given EAP formatted in hexadecimal. You can obtain the corresponding configuration binary from the ppConfigOut parameter of EapHostPeerInvokeConfigUI. If you call EapHostPeerInvokeConfigUI, it promotes the corresponding EAP configuration UI to edit the configuration. The output of ppConfigOut is the binary of the configuration. You must format the binary to hexadecimal before saving it to ConfigBlob.

See Also

Tasks

Wi-Fi Non-Broadcast Profile Sample
Wi-Fi WPA-Enterprise with PEAP-MSCHAPv2 Profile Sample
Wi-Fi WPA-Personal Profile Sample
Wi-Fi WPA2-Enterprise with PEAP-MSCHAPv2 Profile Sample
Wi-Fi WPA2-Enterprise with TLS Profile Sample
Wi-Fi WPA2-Personal Profile Sample

Other Resources

Wi-Fi Profile Samples