This project is read-only.

This Toolkit is now deprecated and is now

superseded by Windows Azure Mobile Services

The Windows Azure Toolkit for Windows Phone provided developers with the first iteration of support for building backend services for Windows Phone apps using Windows Azure.  The main areas of feedback we received from mobile developers was that they wanted a turn-key set of services for common functionality such as notifications, auth, and data.   Windows Azure Mobile Services directly reflects this feedback by enabling developers to simply provision, configure, and consume scalable backend services. The downloads for this toolkit will be removed on the week of Feb 1st 2013 and all future improvements will be channeled into Windows Azure Mobile Services rather than this toolkit. 

To get started with Mobile Services, sign up for a Windows Azure account and receive 10 free Mobile Services.

WAT Windows Phone

Why are the proxies and services needed?

The proxies and services included in the Windows Phone Cloud Application enable Windows Phone developers to create device applications that use Windows Azure services in a secure and controllable fashion.

In order to access Windows Azure Storage (Tables, Blobs, or Queues) directly from the phone application without these proxies and services, you would have to include your Windows Azure Storage account information in the phone application. Clearly, this is not secure, since any malicious user could access this information and use your Windows Azure Storage account for their purposes.

The Windows Phone Cloud Application provides proxies and services that enable developers to overcome these and other issues:

  1. You can store the Windows Azure Storage account information safely in a Web Application, away from potential malicious users.
  2. You can assign finely grained permissions to each user for each of the Windows Azure Storage services (Tables, Blobs, or Queues) and every object created in them (such as tables, blob containers, blobs, queues, etc.).
  3. The Tables and Queues proxies work transparently and provide the same API as the Windows Azure Storage REST API.
  4. The Shared Access signature service provides an interface that combined with Windows Azure Storage Shared Access Signature features allows the developer to:
    1. Create and Delete containers.
    2. List Blobs in a container.
    3. Obtain a Shared Access Signature for a container in order to:
      • List Blobs in the container
      • Upload Blobs to the container
      • Delete Blobs from the container
      • Attach meta-data to a Blob in the container
    4. Obtain a Shared Access Signature for a Blob in a private container in order to download it


Does Windows Azure Storage support granular authorization permissions now?

No, Windows Azure Storage does not support granular authorization permissions for storage operations.

The Windows Phone Cloud Application proxies and Administration portal provide this functionality out-of-the-box, fully integrated with Windows Azure Access Control Service (ACS) or with Membership-based authentication (either using Asp Providers for Windows Azure Storage or Universal Providers for SQL Azure or SQL Server). 

Using the Administration portal included in the project template, you can manage authorization for the users to allow/forbid access to Windows Azure Storage Tables, Queues, Blobs, and access to SQL Azure, as well as granular control for creating, retrieving, updating, and deleting data in SQL Azure over an OData service.


Can I use the StorageClient library for Windows Phone directly against a Windows Azure Storage account?

Yes, the WindowsPhoneCloud.StorageClient library included in the toolkit is a Windows Phone Class Library that can be used to access the Windows Phone Cloud Application proxies and services or Windows Azure Storage directly. 

Just take into account that if you access Windows Azure Storage directly you will have to include your storage account key in the phone application, also, you will not be able to provide granular authorization to individual users, since this feature is available only using the proxy. 

To access Windows Azure Storage tables directly, update the phone application following these steps:

  1. Update the App.xaml definitions to point to Windows Azure Storage directly.
    <!--Toolkit services' resources (to avoid having to store the Azure Storage account name and key in the phone application)-->
    <system:String x:Key="SSLCertificateUrl"></system:String>
    <system:String x:Key="SharedAccessSignatureServiceEndpoint"></system:String>
    <system:String x:Key="AzureStorageTableProxyEndpoint">https://[your storage account name]</system:String> 
  2. In the CloudClientFactory.cs class, update the ResolveStorageCredentials method to return a StorageCredentialsAccountAndKey object with your storage account credentials.
    public IStorageCredentials ResolveStorageCredentials()
          return new StorageCredentialsAccountAndKey("[your storage account name]", "[your storage account key]");

You can repeat these steps for Queues and Blobs as needed.


When Using ACS for authentication, how does the user know that the login page is not a phishing application?

The same as with desktop applications, when users install a phone application, they make an implicit decision to trust the developer with their data.

This decision is particularly important in applications that handle sensitive information such as usernames and passwords.

You, as a developer, need to ensure the user that their credentials are not accessible to your application, they will not be stored in the device and that data will not be handled un-appropriately.


How do I deploy to Windows Azure a ‘Windows Phone Cloud Application’ generated with the project templates?

See Deploy Your Services to Windows Azure.

Do not forget to update your Windows Phone application to consume your Windows Azure Hosted Service from https://<YourDNSPrefix>


Why do I need to install the SSL certificate in the phone device to access the toolkit services and proxies?

You can connect to a web service using an SSL connection as long as the server’s SSL certificate is valid for the target web site and issued by a trusted authority. Before testing the SSL connection from your application, you can try to navigate to the web site using Windows Phone Internet Explorer. If the certificate causes a warning or error while using the browser, it is likely that the connection will fail in your application as well.

To see a full list of SSL root certificates that ship with Windows Phone, see SSL Root Certificates for Windows Phone.


Next step:  Getting Started

Last edited Jan 21, 2013 at 9:24 PM by nharris, version 18


payini Feb 18, 2012 at 5:25 AM 
Good stuff. Thanks.