Loading user information from Channel 9

Something went wrong getting user information from Channel 9

Latest Achievement:

Loading user information from MSDN

Something went wrong getting user information from MSDN

Visual Studio Achievements

Latest Achievement:

Loading Visual Studio Achievements

Something went wrong getting the Visual Studio Achievements

Strong Authentication: Building Apps That Leverage Virtual Smart Cards in Enterprise, BYOD, and Consumer Environments

1 hour, 9 minutes, 10 seconds


Right click “Save as…”

Slides (view online)
+My schedule - My schedule

Windows 8.1 makes it easier than ever for Windows Store apps to manage virtual smart cards. Learn about using virtual smart cards when you need strong authentication, including both enterprise Bring Your Own Device (BYOD) environments, as well as consumer scenarios that require strong authentication such as banking. This session will cover what virtual smart cards are, what scenarios they can enable, and how new Windows Runtime APIs make it easy to write apps to manage both real and virtual smart cards.

For more information, check out this course on Microsoft Virtual Academy:

Follow the discussion

  • Oops, something didn't work.

    Getting subscription
    Subscribe to this conversation
  • Please address if you can send an APDU to a real smart card in a reader similar to the API SCardTransmit().



  • Himanshu SoniHimanshu Soni

    bdhc73a - I assume you are asking if there is an ability to send APDU to a smart card (real or virtual) using WinRT API from a Windows Store App. For Windows 8.1, this functionality is not available. Only Win32 applications can send APDUs to real or virtual smart cards.

  • You are correct, I am waiting for smartcard access from a WinRT API.

    Is it a matter of policy that it is prevented, or a lack of resources?


  • Hi Himanshu

    I'm in a conflict on whether you can define VSC and PIN (for example) as a real 2 factor authentication... A certificate which used for VSC and stored in the TPM can't really be pulled out (by the end user) like a real "Something you have" e.g. USB stick, so the "Something you have" is actually the device you're trying to authenticate to.

    Can you use the device you're authenticating to as an authentication factor ?

  • Himanshu SoniHimanshu Soni

    You are right in that the certificate cannot be pulled out like a real "something you have". Hence, you cannot claim 2FA to the device itself. However, when authenticating to a network resource such as a website or a file share or authenticating for remote access for VPN, the device can be claimed as an authenticating factor because without the possession of the device, the user is not able to authenticate to the network resource. In those cases, the device is "something you have" and the PIN is "something you know".

Remove this comment

Remove this thread


Comments closed

Comments have been closed since this content was published more than 30 days ago, but if you'd like to continue the conversation, please create a new thread in our Forums, or Contact Us and let us know.