I'm working on a Windows Store app. This app allows the user to pay for an upgrade in the app. The upgrade simply removes the advertisements (for now). I submitted my app for certification. However, it failed. I suspect the reason it failed is because of 1.2 (http://msdn.microsoft.com/en-us/library/windows/apps/hh694083.aspx).
More specifically, I believe its because I did not provide a way for testers to test purchases. My question is, how do I do that? The certification doesn't say anything about that. But the certification report I received said a possible reason for failure was: "Can users make purchases through the app? If so, you need to provide a way to test those purchases.".
My app does not require a username/password, so I don't have a way of identifying the user. How do I know its a tester to allow them to test purchases.
Maybe they mean you should provide a step-by-step description of how to find your Upgrade button and test the additional functionality of your App?
The Microsoft test team needs to verify that your Upgrade features are working properly.
In your case you would have to write something like this in the App Store Description:
Go to into the main menu and click the Upgrade button.
As you can see, all advertisements are removed from the app.
Places that have advertisements before buying the Upgrade:
Welcome screen
...
....
Related
I have scoured the web looking for bits and pieces of a more comprehensive solution. I have been unsuccessful in my efforts, so I send up a call for help.
The problem:
I have a .Net/C# WebApp that uses windows integrated authentication. The application is a custom form application that allows users to submit requests. These requests are then routed to supervisors and other parties that will review and approve the requests.
For audit purposes, I must have each supervisor "Sign" the form. The easy solution - use the active browser session information. A user clicks the "approve" button and that information is logged into the database (ID and date/time). But the auditors don't like this solution. They view it as insecure. They want a separate challenge for credentials where users are forced to enter an ID and password (and very soon present a token/PIN combo in lieu of ID/password).
To satisfy this in an infopath version of this form, I used CredUIPromptForCredentials. That code (although written in C#) does not directly port to the new custom WebApplication. I did some digging and uncovered a number of resources on the newer CredUIPromptForWindowsCredentials:
How to show Windows Login Dialog?
Show Authentication dialog in C# for windows Vista/7
How to show authentication dialog in C# .Net 3.5 SP1
Windows Security Custom login validation
This is really in the spirit of what I'm trying to accomplish. With very few modifications to the code in the articles above (and borrowing from some code in my old InfoPath form), I was able to get a working system of prompting and testing.
I would be happy to share the existing code if anyone is interested, but it is VERY similar (nearly verbatim) to the existing code referenced above. The only difference is a separate isAuthenticated method that actually tests the credentials by instantiating a DirectoryEntry object and passing that object to a DirectorySearcher object to test if the credentials worked.
But no so fast. This code, as I said, works, but ONLY when I run in debug mode in Visual Studios 2012. If I visit the site by entering the address and click the button to "sign" the form, the site spins and never shows the security dialog. It's almost as if (and this is just my guess) the IIS settings that allow windows authentication are preventing the applications request to prompt for credentials. This is not the case when I run the site through the debugger.
Once I get past that barrier, I have to actually do some further testing to see if this code will support authentication with a PKI card. I am guessing it will since CredUI passes the prompting to windows to handle.
So here are the questions:
1) What could possibly be preventing the windows security window from popping up when the method is called through the IIS server VS running in Debug (localhost)?
2) Does anyone have any experience with implementing CredUIPromptForWindowsCredentials to work with PKI?
2a) If so, does CredUIPromptForWindowsCredentials actually support PKI without any additional code (assuming that the windows workstations are configured with all of the hardware, drivers, and middleware)?
Thanks in advance for any insight you can lend.
Phil S.
Looking your problem and as an old Auditor, may I recommend an detour to satisfy your auditing team? PKI is not the most safe thing around...
1) Provide a normal LOGIN/PASSWORD form, without any special instruction or Credentials (that could be frauded or stolen "on the fly"). Preferable, utilize HTTPS in this page.
2) Once the guy inform the data, pass a 2-Factor Authentication using SMS (INstant Message). The cost is really irrelevant (see Twilio to get some idea). Obviously, each guy, beyond his login/password, must have his phone within database.
3) This way you can ensure that the Supervisor is really the guy who had approved/sign the page.
It´s the safer mode and, because of it, Facebook, Google Mail and others are utilizing this method.
Sorry, I know I not answered you as you need, but it´s safer than your proposal.
Good luck!
I was working on windows phone 8.1 (WinRT) application. I wanted to give certain users free redemption codes by which they can get the app for free when inserted from the app. But I wanted to change their license info so that even if they
Change the device and install the App or
Uninstall the App and reinstall it,
they should be able to use the App for free. By using the device ID I can take care of problem 2). But since LicenseInformation.IsTrial is a read only property I cant change it and solve problem 1).
Is there anyway I can at least get the outlook,live ID from which the user has logged in the phone so I can treat it uniquely?
You can try to create an in-app purchase item with zero price. So when the user enters the code, then make him buy that item for $0. Once bought, it will be associated with his account, and be transferable across devices
I've started creating a C# Windows Phone (Silverlight) app. I would really like to include in-app products. I've followed the tutorial: Tutorial
I've managed to add all the in-app products to my app. Just to test it, I've added a free in-app product. But when I click the download button in my app, I get an error message. My code is exactly the same as the above tutorial at the moment. I will change the code after fixing this error.
Error message
Service not available
The Store isn't available at the moment.
Please check back in a bit.
Inquiring minds may find this error code helpful: 805a01f4
I've googled the error code. According to the Microsoft website, I have to try again later. I've been trying for 3 days. But I am able to download apps from the store.
What I'm I doing wrong?
some people solved the problem by changing the APP-ID in the AppManifest.xml and WMAppManifest.xml to the one given in the dashboard.
http://social.msdn.microsoft.com/forums/windowsapps/de-de/79e81def-39f4-4465-abad-d4c484f099ef/users-reporting-error-code-805a01f4-when-trying-to-buy-inapp-purchase?forum=wpdevelop
For me this solution didn't work, but maybe for you?
I currently have an app on the Android Google Play market which has a few in app purchases available.
I am looking to add another one which would be a subscription to give them extra functionality not only in the Android app, but also on my website too.
The availability of the feature on the website would be tied into the Android app and if the stop subscribing in the app then I would want to stop access on the website too.
Is there a way to check if they have purchased an in app upgrade using asp.net (preferably with c#, however open to other methods) and if so could you point me in the right direction as to what I need to do please?
My attempts at Googling this has returned no results so I am not sure if this is possible or if my Googling is just rubbish!
Thanks.
I’m working on getting data sync happening for my Win8/WP8 app - written in XAML/C#. Periodically / or at app start up / suspend, I want to sync data files with the user’s OneDrive. To do that I need to get them to login to their Microsoft Live Account. I was looking to use Live SDK (v5.6) to do that.
Problem:
For users who have local Windows 8 accounts, the Live SDK lets me sign then in with a built-in credential prompt. This is working.
For users who have linked their Microsoft account with their Windows 8 account (and are logged in to Windows using their Microsoft account) the Live SDK lets me use single sign-on - and I have this working.
But I can’t call sign out, in order to sign in with a different Microsoft account.
1b is my problem. The built-in Windows Store app, lets users have a UX where they can use the MS account linked to their Windows account - OR - choose to use a different MS account. In effect: a ‘sign in as different user’ option. (See attached). It doesn’t look like it is technically single-sign-on in the built-in Windows store app, but that’s the UX I want - I don’t care so much for single sign-on, its a nice to have, but sign-in as a different user is a very important requirement.
What I’ve tried:
Lots of searching around. Found a bunch of people on the interwebs asking for the same thing. There are unanswered questions and even some ‘accepted’ answers on SO that don’t really work:
Sign in to multiple Microsoft account in Windows Store app
Windows Live SDK doesn't LogOut()
(incorrect answer)
Can the Windows 8 Live SDK use another Microsoft Account other than the current user? (incorrect answer)
I’ve forked the LiveSDK on Github (https://github.com/krishna-nadiminti/LiveSDK-for-Windows/commit/2cdb5408c0d8482c026cd96da6b99e4633677081) and tested it out - with and without requesting the ‘wl.signin’ scope - no good. It doesn’t have an option to change user.
Looked through the docs for WinRT - OnlineIdAuthenticator class, there is an option to always show CredentialPrompt when signing in users - but it does not allow the user to change the username if signed in via a linked account.
I looked through the built-in WinStore app’s js code and it uses some internal (native?) call to a ‘OMStub’ - which has methods to auth the user. This doesn’t seem to be part of the public JavaScript Live SDK
Question(s):
Are there Win32 / WinRT APIs that I could use to show credential prompts in a XAML app?
Can I use a WebView and auth users that way?
Should I just fall back to using the REST API and roll my own auth flow + UI for this?
How does the WinStore app do it?
Workarounds / Store certification:
For now, I’m a bit worried I only have the last option: roll my own .NET client over the Live connect REST API, and add my own UI for the credential prompt, and a user consent dialog which look exactly like the ones that the Windows Runtime provides. What will happen to store certification in that case? I can run it past WACK first - but the store app cert guidelines don’t talk about this: so unsure whether it will pass certification.
There is no mention of Microsoft account that I could find in the app certification guidelines.
The docs for Live SDK on MSDN explicitly mention that we’re not meant to create our own login UI: http://msdn.microsoft.com/en-us/library/windows/apps/xaml/hh968445.aspx
However, the store app seems to violate this - may be because it doesn’t use the Live SDK at all.
There is also a MSDN article that says when the user signs in to Windows with a Microsoft account, sign out is just not possible from inside an app:
http://msdn.microsoft.com/en-us/library/windows/apps/jj193591.aspx#adding_user-authentication_functionality_to_your_windows_store_apps and that the only way is for the user to dissociate the Windows/Microsoft account or switch to a different user account.
Again - clearly this is not the case. The store app provides users a way to use a different account.
Help please?
You might want to look into the Web Authentication Broker: http://msdn.microsoft.com/en-us/library/windows/apps/xaml/dn448945.aspx
It will invoke the actual Microsoft Account login flow but still give you the flexibility to sign out and back in as another user.