API to access Windows Store - windows-store

Does windows store has an API?
For example when you open the "store" app, there is a "top free" list that will show the top 100 most popular free apps. Is the list coming from an HTTP endpoint somewhere on the internet?

There is no official API for accessing content in the Windows Store. I'm sure that the content is being pulled in from the web via and HTTP or HTTPS endpoint but using an undocumented service like this would likely not be recommended. It also doesn't look like there is a protocol activation schema documented for launching the store. The closest thing I can find is the MarketplaceDetailTask in Windows Phone. http://msdn.microsoft.com/en-us/library/windowsphone/develop/microsoft.phone.tasks.marketplacedetailtask(v=vs.105).aspx
The only other supported way of launching the store would be by using links to apps which cause the store to open.

Related

Adding Server Push to replace polling on to an asp.net WebAPI REST service

I am hoping this is not too off topic for a post here.
I have an asp.net webAPI service, which provides a number of routes to get near realtime data (ie within say 10 seconds), which required the client application to poll for changes.
I am investigating on which technology would be best to add an "opt in" push notification service, which just pushes "thin" payloads to tell the client application it is now time to call the existing REST route for an update. This way, the push payload is small, and does not contain any security sensitive data (it still gets this using the existing REST security infrastructure)
Cloud based messaging
Previously, I have been told that, for a Mobile application, I should use something like Firebase cloud messaging, or some other messaging service, however this does not seem like the right solution for "subscription based notifications" I am talking about here. I can certainly see this would be useful, if the client is on either iOS or Android device, and wanted messages/notifications/alarms (etc), which could also work when the application is not running, but this does not seem like the right thing to use of these notifications of changed data (which may be happening all the time, sometimes every 5 seconds). Also, I do not want to only target these mobile devices, but also, for example either a web or desktop application, which may also use the same REST service
Other technologies
I have seen mention of Web sockets, or, in the case of asp.net, the option to use SignalR (which will wrap the web sockets, with fallback). SignalR looks good, but my worry is the availability of client libraries for non web / Windows applications (eg iOS, Android). I am also looking at Rest Hooks. These look interesting, but I can't quite see what the actual "push mechanism" is; it almost looks like they need to POST to the subscriber using HTTP, which means the subscriber has to also act as a "server endpoint".
Just after any thoughts / best practices on this, or what others have used?
In particular, (the verification or otherwise), that for this use case, using cloud based messaging is not the right thing to use due to the frequency of these push notifications (ie something where my server gets to the application via another 3rd party service which pushes to the device/application)
Thanks in advance for any suggestions!
Signalr is an option
There are some libraries which you can use in iOS and android. I suggest you to read once https://visualstudiomagazine.com/articles/2013/11/01/how-to-use-signalr-in-ios-and-android-apps.aspx (its a bit older, but on the point)
Android Client: See How to use signalr in Android
Some alternatives :
Pusher (https://pusher.com/)
Android Client: https://pusher.com/docs/android_quick_start
iOS Client: https://pusher.com/docs/ios_quick_start
Socket.IO (https://socket.io/)
Details iOS Client: https://socket.io/blog/socket-io-on-ios/
Details Andriod Client: https://github.com/socketio/socket.io-client-java
To discuss:
Why you will only send a thin payload whith signalr? I see no benefit for that.
Why "using cloud based messaging is not the right thing"? I do not understand your arguments but I do not know how your application looks like.

iOS9 and HTTP with dynamic sources

My app is remotely updated with image URLs from tons of different sources, most of these on HTTP servers. Now, these HTTP URLs won't download because of App Transport Security.
Apparently I have two options.
Allow all HTTP URLs: Bad practice, possible App Store rejection
Allow specific domains: Not possible because this would mean I can't remotely add images
How can I download the images without disabling App Transport Security?
What if you programmed your own web based API that downloads and stores said images - then you can retrieve them with a call to it. Secure your API with HTTPS. This also gives you more fine grained control in that you own the server you are querying instead of accessing someone else's.

Google spreadsheet: security error from flex

I have an app that uses a google spreadsheet to populate a menu and some related pages. Works great in debug but gives the "security error" when released.
It seems like some google services (eg picasa) permit flex apps to access them. Is google docs not open this way?
What is the API URL you are checking? Does that URL have a CrossDomain.xml file? If not; then you can't access it directly from a Flex (or Flash Player) app. You'll have to use a Proxy of sorts.
Most people implement Proxy's on the server side. Basically, your Flex app will call the proxy and send the appropriate data. The proxy will then call the API (in this case Google Docs), get the results of that call, and then return the results to the Flex app.
Doing a quick search, I found this page. Are you trying to access the spreadsheets.google.com URL? If so, check out it's crossdomain.xml file. It appears to prevent all access.

DoD PKI CAC authentication in Tomcat (embedded in JBoss)

I need to support DoD issued CAC-based authentication in my web application deployed in JBoss. Could someone give me pointers on where to start, the steps involved, etc?
Also, which JCE provider should I go with (OpenSSO, BountyCastle, etc)? I tried to google for a list of (active/current) providers but couldn't really find it. Is there a list of JCE providers that are most popular (by virtue of their underlying security algorithms? Thanks.
I haven't worked with CAC cards, but PKI integration is typically handled by PKCS#11 middleware installed on the client CPU. On the server, you may need to intercept the request at the apache module level to enable PKI/SSO, here's a slideshow with more info on how they did it for forge.mil:
http://www.slideshare.net/rbulling/enabling-web-apps-for-dod-security-via-pkicac-enablement-forgemil-case-study
If you need to do other web based interactions with the card (non PKCS11 functions like if you want to talk to one of the other apps installed on the card from your web app, or install an applet on the card) you'll need some kind of browser plug-in to send raw APDUs or higher level commands via PCSC. My company makes a plug-in for this purpose, it's available at https://cardboss.cometway.com.
Finally, I like bouncycastle... I doubt you will find any lists of JCE providers sorted by popularity.

How can I launch an external application from the Browsers (IE, Firefox, Chrome, Safari) in windows

Is it possible to embed an external application inside the browser (IE, Chrome, Safari, Firefox) so it will look like a native web application but actually having access to the USB ports of the client machine? I have heard that I need to make an ActiveX control. I would like to use the .Net framework, but if that is not possible, maybe using Java or C++ will be fine.
I have to make an application that will allow to the users to connect an external device to an USB port, this device will take a backup of the information contained in a SIM card and send it to the user's account online agenda. So the user can restore it later using the same application. This should be a web application or at least look like one.
If the first is not possible. Is there any way to launch an external application from all the browsers, and then pass information to the browser window to allow it to refresh after the backup has been made?
Thanks for your help in advance.
First off this seems to be a big security issue and hence this is the reason why you might be finding it tricky.
What I would do is look at it from a different angle; what am I trying to achieve? How is the user going to use the data? Where is the user going to use the data?
From you question I have answered those questions with the following; I hope I've not miss interpretted anything.
I want to copy the data from an external sim card to a central location
I want the user to see this data from the central location; preferablly from a web application.
The user is going to see and use the data from the web app
Assuming all of these things are true; one design option is the following:
1 - Have a client based application which can read stuff from the usb device
2 - Have a secure webservice which the client based application can upload the data too
3 - Have a web application which can view this data and see refreshes
Let me go into bit more detail for each step.
1 - If you write a small client application it is installed or at least runs on the client computer. Due to this it can access the local client resources such as usb and interface with them. This will mean they can read the sim data throuogh this app, buut also potentially save it locally as well as upload the data. To access the web service they would enter their username/password so you could authenticate them for the upload.
2 - This web service would do the authentication from the client application, but also receive the data submitted from the client app. Acessing web services from .net now a days is really straight forward. Using this web service the client application could also do some checking to make sure the data has been updated and it could handle re-tries if the network dropped etc.
3 - The web front end of the system would interface to the same data source. This site would take the username / password to authenticate them on the site, but also let them see the uploaded data. As for the refreshes; if the user is logged in and looking at the data you could have a javascript timer polling an action/service to see when new records have been added etc. This could then display a message through jQuery or similar to notifiy the user. This could be similar to the notifications which StackOverflow gives when you visit for the first time or get a new badge etc.
Hope this helps :-)

Resources