iOS has a CaptiveNetwork programming interface with a function CNSetSupportedSSIDs which allows an app to register for specific SSIDs so that when a device associates to one of those SSIDs and there is a captive portal, the app is called rather than the default web sheet. The app then has the responsibility to notify the OS when the user has authenticated to the Wi-Fi network.
Windows Phone has the same behavior: it also opens a web sheet when the phone associates to a captive network.
Is there an equivalent method for Windows Phone, for an app to register itself as responsible for managing captive portals for specific SSIDs so that the app is opened when the captive portal is detected?
First answer would be - no, you can't bind to a specific SSID from within the system itself (to launch the app, that is).
However, since a captive network most of the time redirects you to a specific URL, you could experiment with launching apps via the associated app URI scheme. This will require that whatever network you're going to be managing actually has the capability to fetch an app URI instead of just the auth page.
CTAP2 allows apps on mobile phones to act as roaming authenticators. An app may implement the protocol over one or more of the supported transports.
However, there are use cases where the web or native app being accessed would be run on the same mobile device as the roaming authenticator. Can this use case be supported by CTAP2?
PS: Why is there no ctap or ctap2 tag? I used 'fido' as a proxy.
CTAP defines a protocol that is used between devices. For apps to provide credentials on the same device, the OS of that device would need to support them plugging into the standard APIs.
We (Google) said yesterday, “Please stay tuned for more updates from us in the next year as we introduce changes to Android, enabling third party credential managers to support passkeys for their users.” But I believe that's the most that any of the platforms have said on this point so far.
I am writing an iOS app that will use data from Skype for Business, and am following the guide from Microsoft called Create an application, which must be done before being able to use the APIs.
What is unclear to me is when exactly to create an application? Is it:
per client, i.e. only once ever?
per home server?
per user?
per session?
The application here is more a kind of "virtual object (the application)" which needs to be created here, until you can start using Skype for Business (SfB) features.
So your question isn't that easy to answer, as it's not clear what you wish to perform (e.g. did you wish to log in, perform some task and then log off again?). So it depends a little bit on your application and which features you are using. Therefore it's not "only once ever", as the "virtual object (the application)" is destroyed at some time (e.g. your application crashes and the SfB server no longer gets "yes, we are still here and are listening" requests). This is controlled by the lifetime of a token, which is eight (8) hours for authenticated users, so you need to renew that or your application will stop working. So it's more a "per taskuser & login & time" approach...
Microsoft explained the above as well in the following statement: "This is how you register your application with UCWA 2.0 as an agent of the user whose credentials you obtained in a previous step."
If you are creating an iOS application that will interact with a Skype for Business server, you can use the Skype for Business App SDK for iOS. This client library handles anonymous meeting joins for users who are not homed on a Skype for Business server. For all other Skype for Business features, you'll need to use an iOS REST library of your choice. The REST endpoint that works best for a client application is actually the Skype Web SDK. The Skype Trusted Application API is designed for server-to-server communications where your server is talking to a Skype for Business Online instance. In that case, your server obtains and processes Skype data and then it makes it available to a client such as an iOS app. Unless you intend to create a middle tier between Skype for Business Online and your iOS app, you should use the Web SDK.
We're trying to find a way to authenticate a client via a mobile application rather than using a captive portal splash page. Is this possible at all?
I've looked at the CloudTrax API but can't seem to find anything that directly indicates the ability to authenticate users.
Another option I considered was trying to make an HTTP request which would return the splash page and then, with JavaScript, imitate a click event on the authenticate button.
If you use the CloudTrax HTTP authentication then you should be able to do this fairly easily.
CloudTrax HTTP auth sends an initial status request to your HTTP auth endpoint whenever a client connects to the wifi network if they haven't already got an authenticated session. This is before any login or captive portal popup is displayed. Your HTTP endpoint can respond to that request with an ACCEPT message along with session time and bandwidth restrictions. The AP will then just authenticate the device and allow it internet access without displaying any captive portal.
Not sure what your use case is for the mobile app (e.g. are you doing some other customer engagement inside the app?), but you could implement this without an app. Just push them to a captive portal the first time you detect their MAC address, get them to register. Then all future connections can just be automated in the backend.
If you do need an app, then just do the registration part inside the app and have the app send their MAC address to your backend server so the HTTP auth server can look it up in future.
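The backend lookup described in this answer, as an added sketch that is not part of the original answer and is not CloudTrax's wire format: the dictionary keys, the "REJECT" label (meaning "do not auto-authenticate, let the portal appear") and the registry are hypothetical. The MAC address is supplied by the client and can be copied by another device, so the sketch rejects malformed values and never grants a session that outlives the registration.

```python
import re
import time

# Constructed data: plan limits and the registry the app or portal fills at
# sign-up (MAC -> (registration expiry as Unix time, plan name)).
PLANS = {"guest": {"seconds": 3600, "download_kbps": 2000, "upload_kbps": 800}}
REGISTERED = {"02:00:5e:12:34:56": (2_000_000_000, "guest")}


def normalize_mac(raw):
    """Return the MAC as lower-case aa:bb:cc:dd:ee:ff, or None if malformed."""
    if not raw or not re.fullmatch(r"[0-9A-Fa-f:.\-]+", raw):
        return None
    digits = re.sub(r"[^0-9A-Fa-f]", "", raw).lower()
    if len(digits) != 12:
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def handle_status(mac_param, now=None):
    """Decide the reply to a status request for a newly connected client."""
    now = time.time() if now is None else now
    mac = normalize_mac(mac_param)
    if mac is None:
        return {"decision": "REJECT", "reason": "malformed-mac"}
    entry = REGISTERED.get(mac)
    if entry is None:
        return {"decision": "REJECT", "reason": "unregistered"}
    expires, plan = entry
    if now >= expires:
        return {"decision": "REJECT", "reason": "registration-expired"}
    limits = PLANS[plan]
    # Never hand out a session that outlives the registration itself.
    seconds = int(min(limits["seconds"], expires - now))
    return {"decision": "ACCEPT", "seconds": seconds,
            "download_kbps": limits["download_kbps"],
            "upload_kbps": limits["upload_kbps"]}
```
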
I am making a WCF REST service which will be used from mobile devices. If the request is not from a mobile device, it will not be possible to access the service.
So I need to identify if the request is from Android, iPhone or Windows Mobile.
Is there any way that I can identify the request? I tried to google it but did not get any suitable answer.
Unfortunately, User-Agent can be easily faked. Some mobile or desktop browsers allow changing the user-agent string.
This is workable if you are not too concerned about it.
If you absolutely must secure the service to be accessible only from a mobile device, you would need some kind of authentication / authorization method.
For example, I would develop a mobile application (Android or iOS) and only allow my service to interact through the application that I developed. The mobile application can then provide an authentication code when establishing contact with my service. Probably the authentication code can be hard-coded inside the mobile app.
However, it's possible that the app can be run from an emulator SDK. You could probably write further checks inside your app to get the hardware details from the mobile device to verify it is actually mobile hardware. (This I'm not so certain about, as I haven't really got into it.)
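A server-side comparison of the two approaches in this answer, added here as an example and not code from the original post: a User-Agent filter next to verification of a signed request. The header names, key store and request values are hypothetical, and a per-installation key issued at registration is assumed instead of one code shared by every copy of the app, since a constant shipped in the binary can be read out of it.

```python
import hashlib
import hmac
import re

MOBILE_UA = re.compile(r"Android|iPhone|Windows Phone", re.I)
# Constructed key store: one key per app installation (hypothetical).
DEVICE_KEYS = {"device-001": b"constructed-demo-key"}
MAX_SKEW = 300  # seconds a signed request stays valid


def ua_allows(headers):
    """The User-Agent filter: trusts a string the client chooses."""
    return bool(MOBILE_UA.search(headers.get("User-Agent", "")))


def sign(key, method, path, timestamp, body):
    """HMAC-SHA256 over method, path, timestamp and a hash of the body."""
    parts = [method, path, str(timestamp), hashlib.sha256(body).hexdigest()]
    return hmac.new(key, "\n".join(parts).encode(), hashlib.sha256).hexdigest()


def signature_allows(headers, method, path, body, now):
    """Accept only a fresh request signed with a known installation key."""
    key = DEVICE_KEYS.get(headers.get("X-Device-Id", ""))
    try:
        timestamp = int(headers.get("X-Timestamp", ""))
    except ValueError:
        return False
    if key is None or abs(now - timestamp) > MAX_SKEW:
        return False
    expected = sign(key, method, path, timestamp, body)
    supplied = headers.get("X-Signature", "")
    return hmac.compare_digest(expected.encode(), supplied.encode())


def demo(now=1_700_000_000):
    """Run three constructed requests through both checks."""
    body = b'{"action":"list"}'
    good = {"User-Agent": "MyApp/1.0 (Android 14)", "X-Device-Id": "device-001",
            "X-Timestamp": str(now),
            "X-Signature": sign(DEVICE_KEYS["device-001"], "POST", "/api/items", now, body)}
    spoofed = {"User-Agent": "Mozilla/5.0 (iPhone; CPU iPhone OS 17_0 like Mac OS X)"}
    stale = dict(good, **{"X-Timestamp": str(now - 3600)})
    return {name: (ua_allows(h), signature_allows(h, "POST", "/api/items", body, now))
            for name, h in (("good", good), ("spoofed", spoofed), ("stale", stale))}
```

`demo()` returns, per request, the pair (User-Agent verdict, signature verdict): all three pass the User-Agent filter, and only the freshly signed request passes the signature check.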
I think the only way to identify a mobile device is matching the User-Agent against a list of known mobile UA strings.
Here you have a list: http://www.zytrax.com/tech/web/mobile_ids.html
There might have been a restriction on originating (making) calls (voice or data) from mobile phones without an explicit user permission, i.e. a window would pop up, asking the user to press 'Yes'/approve or 'No'/cancel for a call attempt made by a software application on that cellphone/mobile.
There seems, though, to exist an API for making calls, voice calls and data calls, on various embedded OSes like WM, Symbian and Android. Do they require a user button-press then?
This is about the runtime security model.
When you develop a mobile application, you also make a list of the APIs it might want to use. If these APIs are protected by a "capability" or "permission", you need to declare it in the application manifest file or makefile.
Depending on the target handset security policy and the access your application requires, you may need to have it signed by a trusted third party (VeriSign, GeoTrust, Google, Apple, your mobile network operator, your handset manufacturer...).
The J2ME security model is: the user is asked about API access based on who trusts your application (i.e: your mobile network operator checks that your application won't cripple their network, so it's OK to only ask the user once about whether (s)he doesn't mind being charged for data download).
The native Symbian OS security model is: your application will not install unless it is trusted by somebody with enough power (i.e.: only the handset manufacturer has enough power to trust a new hardware driver).
A non-jailbroken iPhone security model is presumably all or nothing: if Apple trusts your application it can do whatever it wants.
I don't know whether anybody has actually made a partially-trusted Android application that isn't available on the Android store and that can be installed on an operator-subsidised Android handset.