Shows how to create a sample login application for Windows Mobile which utilizes the Enterprise Device Lockdown APIs and optionally authenticates with Azure Active Directory. The app displays the list of Assigned Access roles on the device, and clicking on a role will prompt the user to sign in with credentials from an Azure Active Directory tenant.
Note: This sample is part of a large collection of UWP feature samples. If you are unfamiliar with Git and GitHub, you can download the entire collection as a ZIP file, but be sure to unzip everything to access shared dependencies. For more info on working with the ZIP file, the samples collection, and GitHub, see Get the UWP samples from GitHub. For more samples, see the Samples portal on the Windows Dev Center.
Specifically, this sample shows how to:
- Call Enterprise Device Lockdown APIs to implement a login application
- Authenticate user credentials with Azure Active Directory
This step is needed regardless of whether you intend to use Azure Authentication.
Warning: Once Enterprise Assigned Access is deployed to the device, it cannot be removed. To get rid of it, you must reflash the device.
- The Windows Mobile device should be configured with Enterprise Assigned Access CSP. The wehlockdown.xml file should contain roles with role GUIDs that will be registered in the Azure Active Directory. (If you are not using Azure Active Directory, then you can make up your own role GUIDs.) For more information, see the references below.
Remember: Once Enterprise Assigned Access is deployed to the device, it cannot be removed. To get rid of it, you must reflash the device.
This step is needed if you intend to use Azure Authentication.
Sign up for an Azure subscription and configure the account at Windows Azure Management Portal. Your account should come with a Default directory which will be configured in this sample.
- Add one or more groups to the domain:
- Active Directory > Default Directory > Groups > Add Group
- Each group contains an Object ID on the Properties page. This is the GUID to use for each role in wehlockdown.xml.
- Add one or more users to the domain:
- Active Directory > Default Directory > Users > Add user
- Add the users to the groups above as appropriate.
- Create a native application
- Active Directory > Default Directory > Applications > New
- Determine your native app's Client ID
- Active Directory > Default Directory > Applications > (name of Native Client App) > Configure
- In Scenario1_SignIn.cs, set the clientId variable to the Client ID from this page.
- Get the app's Redirect URI
- Set a breakpoint on the Scenario1_SignIn constructor method in Scenario1_SignIn.cs and inspect the value of the RedirectURI member. This will be unique for your app.
- Set the Redirect URI in Azure Active Directory.
- Active Directory > Default Directory > Applications > (name of Native Client App) > Configure
- Enter your unique RedirectURI here.
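A consistency check for the group-to-role mapping described above, as an added example that is not part of the sample. It assumes roles appear in wehlockdown.xml as Role elements with guid and name attributes. The XML snippet, group names and Object IDs below are constructed.

```python
import uuid
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed wehlockdown.xml holding only the role list.
SAMPLE_LOCKDOWN_XML = """<HandheldLockdown version="1.0">
  <RoleList>
    <Role guid="{7BB62E8C-81BA-463C-B691-74AF68230B42}" name="Associate" />
    <Role guid="{2f1c9a4e-5d3b-4c8e-9a71-0b6d2e4f8a13}" name="Manager" />
    <Role guid="not-a-guid" name="Broken" />
  </RoleList>
</HandheldLockdown>"""

# Constructed sample: Object IDs copied from each group's Properties page.
SAMPLE_GROUP_IDS = {
    "Associate": "7bb62e8c-81ba-463c-b691-74af68230b42",
    "Supervisor": "c0ffee00-1111-4222-8333-444455556666",
}

def normalize_guid(text):
    """Return a GUID in canonical lowercase form (no braces), or None if malformed."""
    try:
        return str(uuid.UUID(text.strip()))
    except (ValueError, AttributeError):
        return None

def audit_roles(lockdown_xml, group_ids):
    """Compare role GUIDs in the lockdown XML with directory group Object IDs."""
    groups = {normalize_guid(oid): name for name, oid in group_ids.items()}
    report = {"matched": {}, "malformed": [], "duplicate": [],
              "role_without_group": [], "group_without_role": []}
    seen = set()
    for el in ET.fromstring(lockdown_xml).iter():
        if el.tag.rsplit("}", 1)[-1] != "Role":  # ignore any XML namespace prefix
            continue
        name = el.get("name", "")
        guid = normalize_guid(el.get("guid"))
        if guid is None:
            report["malformed"].append(name)       # role can never match a group
        elif guid in seen:
            report["duplicate"].append(name)       # two roles share one GUID
        elif guid in groups:
            report["matched"][name] = groups[guid]
        else:
            report["role_without_group"].append(name)
        if guid is not None:
            seen.add(guid)
    # Groups (or malformed Object IDs) that no role on the device refers to.
    report["group_without_role"] = sorted(n for g, n in groups.items() if g not in seen)
    return report
```

Run it against the real wehlockdown.xml before deploying, since Enterprise Assigned Access cannot be removed from the device afterwards.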
This step is needed if you intend to use Azure Authentication.
- You will need to change the following variables in Scenario1_SignIn.cs to match the values in your Azure Active Directory tenant created above.
- Replace the provided value of "tenant" with your actual tenant address for your Azure account.
- Replace the provided value of "clientId" with the actual value of your native application created in Azure Active Directory. (See step 5 above.)
Note: The Windows universal samples require Visual Studio 2017 to build and Windows 10 to execute.
To obtain information about Windows 10, go to Windows 10.
To obtain information about Microsoft Visual Studio and the tools for developing Windows apps, go to Visual Studio.
Windows.Embedded.DeviceLockdown
Windows Azure Management Portal
Windows app samples
Enterprise Assigned Access CSP
Lockdown XML
Locking down a device
Client: Not supported
Server: Not supported
Phone: Windows 10
- Start Microsoft Visual Studio 2017 and select File > Open > Project/Solution.
- Go to the directory to which you unzipped the sample. Then go to the subdirectory containing the sample in the language you desire - either C++, C#, or JavaScript. Double-click the Visual Studio Solution (.sln) file.
- Press Ctrl+Shift+B, or select Build > Build Solution.
The next steps depend on whether you just want to deploy the sample or you want to both deploy and run it.
- Select Build > Deploy Solution.
- To debug the sample and then run it, press F5 or select Debug > Start Debugging. To run the sample without debugging, press Ctrl+F5 or select Debug > Start Without Debugging.