Creating a private key on the server (Windows Store apps)
A website may require the use of client certificates for strong user authentication. The website can generate a private key and certificate on the server and then send them to the client for installation. Your Windows Store app can require the user to authenticate by using a one time password upon first use. Then your app can obtain the certificate and key from the server and install them into the app container. The user can subsequently authenticate to the site by using the certificate without a password. If the user moves to a different computer or loses the certificate and key, your app can provide the client a copy from the server.