Is Microsoft learning from Apple?

by Ishai Hachlili 6. October 2012 17:11

In the last few years, Apple has passed Microsoft like a Formula 1 car passing a minivan on their way to becoming the largest tech company in the world.
There are several factors that helped them get there.

They realized the future is in smart mobile devices in consumer ends while everyone was still trying to sell them only to business users (that was obvious in the UI, hardware and cost of smartphones and tablets that existed before the iPhone came out)

They didn’t play by the mobile industry rules. They didn’t bend to appease carriers demands. They make more money on each iPhone sold than Android/Windows Phone manufacturer make on their phones. A lot more.

They did a great job at marketing their products. Every small feature was revolutionary, invented and patented by them. Even when it was far from the truth. They said it, the local news repeated it and even tech savvy people actually believe it. It’s hard to be surprised when a jury that heard that on TV or read it in the papers finds that Samsung copied from Apple when most of those patents had prior art.

A big part of their marketing plan is announcing the new revolutionary phone(usually having some surprises in the announcement) and having it available soon after. They also limit the availability, because it’s proven that a hot product that’s flying off the shelves will created more demand (see the Nintendo Wii, Kinect and any iDevice when they were released). Faking your way to long lines and empty shelves might feel like lying, but so does saying you have the greatest maps app when you only started working on it less that a year before that statement. It’s just what Apple does.

They also pick a couple of features and hammer them in with ads. With the iPhone 4S it was siri (even though it wasn’t really new, it was available as an app long before Apple bought it) with the iPhone 5 it’s the size and the panorama feature (both are things that Android and WP7 did before)


So is Microsoft learning from Apple?

well, they are trying.

They scheduled the Windows Phone 8 launch event for October 29th, The phone will be in stores the weekend after. That’s the kind of announcement to release window Apple does.

They have great new features in the WP8 OS, features Apple will call revolutionary when ever they get around to implementing them.

They have OEM partners, making the cost factor irrelevant for them, it’s not how they’re making money right now.

They’re trying to keep things under wraps with WP8 , but they already announced almost everything there was to announce. They want to keep things secret so badly, they’re telling developers they don’t care about them or their apps (even tough the main point against WP is actually some key apps missing, not total numbers, but key apps). Not that it helped (the top secret SDK was leaked very quickly, and didn’t have anything new really)

Maybe the fact that no local news channel picked up on any of the WP announcements (because it wasn’t Apple) means it doesn’t matter that all the new features and device details are already known because their target audience doesn’t really know about it, it’s only us tech geeks. Maybe they’ll be able to get that local news coverage with the 10/29 event. The Windows 8 launch the Friday before (on the 26th) will help too, reporters and analysts are already confused by Windows 8 and WP8. Potential buyers might come in to stores to look at the new Windows 8 tablets and that confusion could at least get them to look at Windows phones.

So Microsoft is trying, but they’re kind messing it up. Maybe next time they’ll learn. Maybe they will also have the new OS and devices ready for a September launch to compete with the next iPhone. Because what really hurts WP8 is the lack of devices in the carrier stores when the big draw of the iPhone brings all these people in. The Lumia 920 and iPhone 5 side by side? I gotta think it will convert at least some users to WP.

So either the confusion gets people looking at WP8, or it’s a slow haul for Microsoft. One thing for sure, with the Android licensing fees they’re getting, they can keep working on WP for a while, and if Nokia can’t stay with it and Samsung/HTC decide to stop supporting it, Microsoft can always go with a The Surface Windows Phone. you know you want one…

Tags: , ,

My Mobile Portfolio – A Google Finance portfolio management app for Windows Phone 7

by Ishai Hachlili 19. February 2011 09:35

Just submitted this little app to the marketplace
The WP7 version uses Caliburn Micro which made writing it very fast without too much unnecessary code.
I’m also using RestSharp for REST calls to Google’s API, which made the client API classes very small.

now I’m going to work on an Android version. so I’m looking for a good MVVM approach for that app as well(maybe Android Binding will do the trick).

Here are some screenshots


Here's a link to the website


Tags: , , , , ,

MVVM | Windows Phone 7

Windows Phone 7 and WCF REST – Authentication Solutions

by Ishai Hachlili 18. February 2011 13:31

I’ve been scouring the internets looking for a simple solution for authentication with WP7.
I am using a simple WCF REST web service based on the template for .net 4.0

Here are the two solutions I ended up with:

Solution 1 – Use the built in authentication service

Add a new WCF service to your project, remove the code behind file and change the svc file to this: 
<%@ ServiceHost Language="C#" Debug="true" Service="System.Web.ApplicationServices.AuthenticationService" %>

Add the forms authentication and membership configuration (just like any website)

Now in the WP7 project, you can add a service reference, again, this part is very standard.
To get this working, you need to use the cookie container on calls to both services.

Instead of detailing this approach, I figured I’ll just link to Kevin Hoffman’s blog post

Solution 2 – Use basic authentication

This solution is a lot more restful. There’s no state saved on the server, no session and no cookies.

I’ve decided to use RestSharpfor server calls from WP7.
It’s very easy to ad basic authentication code on the client side when using RestSharp since the library has built in support for it using the HttpBasicAuthenticator.

            var request = new RestRequest("Orders");
            request.Method = Method.GET;
            request.RequestFormat = DataFormat.Json;
            var client = new RestClient(baseUrl);
            client.Authenticator = new HttpBasicAuthenticator(userName, password);
            client.ExecuteAsync(request, (response) =>
                if (response.StatusCode == HttpStatusCode.OK)
                    //deal with the response

What I like about RestSharp is being able to define my resource. To get authentication working, I just needed one line of additional code on the client side.

So far, I’m sending the basic auth base64 encoded header to the server, now I need to intercept it on the server side and authenticate the user.
To do that, I added a class that inherits from ServiceAuthorizationManager, here’s the code:

    public class BasicAuthorization : ServiceAuthorizationManager
        protected override bool CheckAccessCore(OperationContext operationContext)
            string authtext = HttpContext.Current.Request.Headers["Authorization"];
            //if (String.IsNullOrWhiteSpace(authtext))
                //return false;
            if (!String.IsNullOrWhiteSpace(authtext))
                string[] decoded = DecodeFrom64(authtext.Replace("Basic ", String.Empty)).Split(':');
                string username = decoded[0];
                string password = decoded[1];

                if (Membership.ValidateUser(username, password))

                    MembershipUser user = Membership.GetUser(username);
                    GenericIdentity identity = new GenericIdentity(user.UserName);
                    //RolePrincipal principal = new RolePrincipal(identity);
                    GenericPrincipal principal = new GenericPrincipal(identity, "UserRole".Split(','));
                    System.Threading.Thread.CurrentPrincipal = principal;
                    HttpContext.Current.User = principal;
                    //return true;

            //always return true, we just want to get the identity set up so methods can support authorization
            return true;

        /// <summary>
        /// The method to Decode your Base64 strings.
        /// </summary>
        /// <param name="encodedData">The String containing the characters to decode.</param>
        /// <returns>A String containing the results of decoding the specified sequence of bytes.</returns>
        private static string DecodeFrom64(string encodedData)
            byte[] encodedDataAsBytes = System.Convert.FromBase64String(encodedData);
            string returnValue = System.Text.Encoding.UTF8.GetString(encodedDataAsBytes);
            return returnValue;

There’s nothing complicated here, I’m just decoding the base64 string from the header and using the membership functions to validate the user’s credentials and create an IPrincipal object which is then set as the current user. This will allow methods in the actual service to access the membership object in a standard way. That’s also the reason the method always returns true. I’m not interested in blocking access at this point, I’ll leave that up to individual methods. (If you wanted to secure the entire service for authenticated users, you could return the result of the ValidateUser call, I wanted to have a methods that can be called by anonymous users as well).

This sample doesn’t add the user’s actual roles, which will be easy to implement (just get the roles using the username and add to the principal)

The last step is to update the servicemodel configuration to use the BasicAuthorization class. Just find the default behavior for your REST service and add the ServiceAuthoization element.

<behavior name="">
    <serviceMetadata httpGetEnabled="true"/>
    <serviceDebug includeExceptionDetailInFaults="true"/>
    <serviceAuthorization serviceAuthorizationManagerType="SampleWCFRESTService.BasicAuthorization, SampleWCFRESTService" />

Now checking “HttpContext.Current.User.Identity.IsAuthenticated” in any method in the web service will work.


The problem with basic authentication

The problem of course, is sending user credentials with every request. Since I don’t want to send all of the requests over SSL due to performance issues (and I usually don’t really have to) I need a better solution.

The standard solution for this problem is to make the first call over SSL to an “Authenticate” resource, create a token and send it back to the client. From that point on you can send the token with subsequent requests.

To add support for a token, you can add another ServiceAuthorizationManager or just update the logic to check if the Authorization header starts with Basic or CustomName.
The encrypted token should include the username and password and you can add other elements to it (like expiration for example).

In my implementation, my Authentication resource andthe ServiceAuthotizationManager both use the same class to encrypt/decrypt the username and password and in that class I also check if the token has expired.

I decided to go with the second solution since it seems to be the standard way REST services are developed (sending user/pass and getting a token). I wouldn’t really want to deal with cookies and that solution might not be friendly to other platforms.

Tags: , , , , ,

Windows Phone 7 | WCF

About Ishai

Ishai is the founder of Smart Trivia, Inc. where he builds trivia games for smartphones using MvvmCross and Xamarin. He's also running the Silicon Valley Mobile/Cross Platform .Net Meetup and helps other companies build mobile apps using Xamarin as a consultant

Recent Tweets

Twitter October 23, 05:22
@BenThePCGuy a standard where that doesn't matter is better. One more reason to get the #Lumia920, wireless charging, no need for microUSB

Twitter October 23, 05:21
@ManMadeMoon where they dance around the issues and don't really talk about them

Twitter October 23, 05:20
@BenThePCGuy are you a @wpdev ?

Twitter October 23, 04:17
@JonahLupton But if it's black it's usually better

Twitter October 23, 02:58
@jongalloway next time ask your 5 year old how to spell