Case Study
Background
Fabrikam is a commercial bank. The primary customers are individuals and employers with up to 10,000
employees. Fabrikam provides Internet banking services to customers.
You are developing a Universal Windows Platform (UWP) app for Fabrikam that extends the Internet banking to a UWP app.
Business Requirements
Core functionality
Users must be able to access accounts, view balances, view recent transactions, and deposit checks by using the UWP app.
Usability
The app must use industry-proven design patterns across the app. All navigational elements must be visible at all times.
Security
The app must provide secure transactions to protect customer privacy.
Technical Requirements
Data
The app must use a file-based database. You must use a Code First Entity Framework approach.
User interface
You must use a Model-View-ViewModel (MVVM) pattern.
Users must be able to access all content through the top-level navigation after they sign in.
The app must allow the user to upload up to 50 images (front and back) of checks to deposit.
During the upload process, the app must be responsive to any other user actions.
The app must only upload images when no other pending inputs are in the queue.
You must implement the following pages:
Network and web service
The app must meet the following requirements related to networking and web services:
Connect to a web service over a secure HTTP connection to upload images.
Connect to Fabrikam’s core web service to retrieve account information.
Use networking technology already available in the .NET Framework.
Consume the JSON that the Fabrikam core web service provides.
User data and alerts
The app must meet the following requirements related to user data and alerts:
Download new monthly bank statements when possible. The download process must not affect the performance of the app.
Report to the user when the statements are downloaded to the device.
Write a log entry when statement downloads are not successful.
Periodically check for user activity and automatically log the user out when there is no activity for more than
15 minutes.
Security
The app must meet the following requirements related to security:
Use multi-factor authentication (MFA) by using email and a verification code to identify the user.
Securely store credentials and retrieve credentials.
Automatically sign in the user irrespective of the device that is used to sign in to the app.
Store the resource name within the app itself.
Connect to an authentication app by using the URI schema fabrikam-security://oauth/.
Application Structure
AccountContext.cs
Relevant portions of the app files are shown below. Line numbers in the code segments are included for reference only and include a two-character prefix that denotes the specific file to which they belong.
ImageManager.cs
ClientProxy.cs
BkgTaskMgr.cs
CredentialManager.cs
MainPage.cs
You need to configure authentication for the app.
Which two technologies should you use? Each correct answer presents part of the solution.
A. Windows Hello
B. Windows Kerberos
C. Azure Active Directory
D. Microsoft Passport
Explanation:
Microsoft Hello
Microsoft Hello provides simple multi-factor authentication using facial recognition (or iris, or fingerprints) that is used to access the Microsoft Passport private key stored in the secure TPM chip. For the first time, Microsoft has included the biometric software (middleware) in Windows 10 to support biometrics for authentication. In previous versions of Windows, the OEM (HP, Dell, Lenovo, etc) needed to add its own biometric middleware to support biometric authentication.
From scenario: The app must meet the following requirements related to security:
Use multi-factor authentication (MFA) by using email and a verification code to identify the user.
Securely store credentials and retrieve credentials.
Automatically sign in the user irrespective of the device that is used to sign in to the app.
Store the resource name within the app itself.
Connect to an authentication app by using the URI schema fabrikam-security://oauth/.
Note: Microsoft Passport
Microsoft has resurrected the Passport moniker for a new PKI credential system that requires multi-factor authentication. Most interesting about Microsoft Passport is that it fully supports the Fast IDentity Online (FIDO) Alliance standards, which means it will work with many web/cloud services without modification. The plan for users of cloud services supporting FIDO is that there will no longer be passwords associated with the user’s account.
Microsoft Passport involves a user logging onto the Windows 10 computer with multi-factor (PIN, face, iris, fingerprint, etc) and either creating a new account or associating an existing account with an IDentity Provider (IDP). Windows generates a public/private key pair with the private key stored securely outside of the Windows 10 OS. The public key is associated with the account so that a challenge can be sent that can only correctly respond to the IDP. Another key point to the Microsoft Passport credential system is that the user needs to enroll every device used to access the service (IDP).
https://adsecurity.org/?p=1535
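The per-device enrollment and challenge signing described in the Microsoft Passport note, shown with the UWP `Windows.Security.Credentials.KeyCredentialManager` API. This is an added example, not code from the Fabrikam case study; the class name `PassportSignIn`, the `accountId` value and the way the IDP delivers the challenge and receives the results are assumptions.

```csharp
using System;
using System.Threading.Tasks;
using Windows.Security.Credentials;
using Windows.Storage.Streams;

// Hypothetical helper class (not one of the case study's files).
public static class PassportSignIn
{
    // Enrollment: run once on each device the user signs in from.
    // Windows prompts for the Hello gesture (PIN, face, iris or fingerprint)
    // and creates the key pair. Only the public key is returned here; the app
    // sends it to the IDP so it can be associated with the account.
    public static async Task<IBuffer> EnrollAsync(string accountId)
    {
        if (!await KeyCredentialManager.IsSupportedAsync())
            throw new NotSupportedException("Windows Hello is not set up on this device.");

        // ReplaceExisting discards any key previously created for this account
        // on this device, so the IDP must store the new public key.
        KeyCredentialRetrievalResult created = await KeyCredentialManager.RequestCreateAsync(
            accountId, KeyCredentialCreationOption.ReplaceExisting);

        if (created.Status != KeyCredentialStatus.Success)
            throw new InvalidOperationException("Key creation failed: " + created.Status);

        return created.Credential.RetrievePublicKey();
    }

    // Sign-in: the IDP sends a fresh challenge (assumed to arrive as an IBuffer).
    // The private key never leaves the device; the user's Hello gesture unlocks
    // it for one signing operation. The IDP checks the returned signature
    // against the public key stored at enrollment.
    public static async Task<IBuffer> SignChallengeAsync(string accountId, IBuffer challenge)
    {
        KeyCredentialRetrievalResult opened = await KeyCredentialManager.OpenAsync(accountId);
        if (opened.Status != KeyCredentialStatus.Success)
            throw new InvalidOperationException("Device not enrolled: " + opened.Status);

        KeyCredentialOperationResult signed =
            await opened.Credential.RequestSignAsync(challenge);
        if (signed.Status != KeyCredentialStatus.Success)
            throw new InvalidOperationException("Signing failed: " + signed.Status);

        return signed.Result;
    }
}
```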