Table of contents
TOC
Collapse the table of content
Expand the table of content

Security

Last Updated: 11/14/2016

[ Updated for UWP apps on Windows 10. For Windows 8.x articles, see the archive ]

This section contains articles on building secure Universal Windows Platform (UWP) apps for Windows 10.

Introduction

If you're new to Windows or UWP development, start with the Intro to secure Windows app development. This introductory-level article provides an overview of security considerations for apps and the various features available in Windows 10.

Authentication and user identity

The authentication and user identity section contains walkthroughs for scenarios related to user login and identity. Apps have several options for user authentication, ranging from simple single sign-on (SSO) using Web authentication broker to highly secure two-factor authentication.

TopicDescription
Credential lockerThis article describes how apps can use the Credential Locker to securely store and retrieve user credentials, and roam them between devices with the user's Microsoft account
Fingerprint biometricsThis article explains how to add fingerprint biometrics to your app. Including a request for fingerprint authentication when the user must consent to a particular action increases the security of your app. For example, you could require fingerprint authentication before authorizing an in-app purchase, or access to restricted resources. Fingerprint authentication is managed using the UserConsentVerifier class in the Windows.Security.Credentials.UI namespace.
Microsoft Passport and Windows HelloThis article describes the new Windows 10 Microsoft Passport technology, and discusses how developers can implement this technology to protect their apps and backend services. It highlights specific capabilities of these technologies that help mitigate threats from conventional credentials and provides guidance about designing and deploying these technologies as part of your Windows 10 rollout.
Create a Microsoft Passport login appPart 1 of a complete walkthrough on how to create a Windows 10 UWP (Universal Windows Platform) app that uses Microsoft Passport as an alternative to traditional username and password authentication systems.
Create a Microsoft Passport login servicePart 2 of a complete walkthrough on how to use Microsoft Passport as an alternative to traditional username and password authentication systems in Windows 10 UWP (Universal Windows platform) apps.
Smart cardsThis topic explains how apps can use smart cards to connect users to secure network services, including how to access physical smart card readers, create virtual smart cards, communicate with smart cards, authenticate users, reset user PINs, and remove or disconnect smart cards.
Share certificates between appsUWP apps that require secure authentication beyond a user Id and password combination can use certificates for authentication. Certificate authentication provides a high level of trust when authenticating a user. In some cases, a group of services will want to authenticate a user for multiple apps. This article shows how you can authenticate multiple apps using the same certificate, and how you can provide convenient code for a user to import a certificate that was provided to access secured web services.
Windows Unlock with companion IoT devicesA companion device is a device that can act in conjunction with your Windows 10 desktop to enhance the user authentication experience. Using the Companion Device Framework, a companion device can provide a rich experience for Microsoft Passport even when Windows Hello is not available (e.g., if the Windows 10 desktop lacks a camera for face authentication or fingerprint reader device, for example).
Web Account ManagerThis article describes how to show the AccountsSettingsPane and connect your Universal Windows Platform (UWP) app to external identity providers, like Microsoft or Facebook, using the new Windows 10 Web Account Manager APIs. You'll learn how to request a user's permission to use their Microsoft account, obtain an access token, and use it to perform basic operations (like get profile data or upload files to their OneDrive).
Web authentication brokerThis article explains how to connect your app to an online identity provider that uses authentication protocols like OpenID or OAuth, such as Facebook, Twitter, Flickr, Instagram, and so on. The AuthenticateAsync method sends a request to the online identity provider and gets back an access token that describes the provider resources to which the app has access.

Cryptography

The cryptography section contains information on more complex, cryptographic related topics.

TopicDescription
Intro to certificatesThis article discusses the use of certificates in apps. Digital certificates are used in public key cryptography to bind a public key to a person, computer, or organization. The bound identities are most often used to authenticate one entity to another. For example, certificates are often used to authenticate a web server to a user and a user to a web server. You can create certificate requests and install or import issued certificates. You can also enroll a certificate in a certificate hierarchy.
Cryptographic keysThis article shows how to use standard key derivation functions to derive keys and how to encrypt content using symmetric and asymmetric keys.
Data protectionThis article explains how to use the DataProtectionProvider class in the Windows.Security.Cryptography.DataProtection namespace to encrypt and decrypt digital data in a UWP app.
MACs, hashes, and signaturesThis article discusses how message authentication codes (MACs), hashes, and signatures can be used in apps to detect message tampering.
Export restrictions on cryptographyUse this info to determine if your app uses cryptography in a way that might prevent it from being listed in the .
Common cryptography tasksThese articles provide example code for common cryptography tasks, such as creating random numbers, comparing buffers, converting between strings and binary data, copying to and from byte arrays, and encoding and decoding data.
© 2016 Microsoft