Q & A for LAP writers on Windows Mobile

I wanted to write a blog entry about LASS and LAP, but almost everything I could say has already been said by Marcus in his blog entries here. One thing I can add is the Q and A that appears in the comments. Here is some of that Q and A, in no particular order.

What is master key encryption, and should my LAP support it?

Master key encryption is a feature that allows the user's master key to be encrypted with non-persisted data. This feature is not currently supported in Windows Mobile. When master key protection becomes supported, documentation will be provided. Do not set LAP_CAPABILITIES_MASTER_KEY at this time.

I've got an ActiveX control/some window that never appears. What's going on?

VerifyUser is running above startup, so any UI you show needs the WS_EX_ABOVESTARTUP flag set.

What is WS_EX_ABOVESTARTUP?

On PPC, when the device has timed out and requires authentication, a blank startup screen is drawn. This is to prevent prying eyes from seeing your sensitive information. Your LAP VerifyUser UI must appear above this screen. To have windows appear above this startup screen, you must specify WS_EX_ABOVESTARTUP.

I didn't need to set WS_EX_ABOVESTARTUP in my RTM LAP. Why do I need to in MSFP+?

Actually, you do, even in RTM. Try this experiment:

  1. Go to the control panel, then password screen.
  2. You should see your LAP UI.
  3. Now, let your device go idle.
  4. If you hadn't specified WS_EX_ABOVESTARTUP, your LAP window will not be displayed.

Weird, why doesn't this happen when my device goes idle in RTM?

In RTM, the VerifyUser call ran on the caller's thread. There is magic in the shell which says that all windows created on the StartupThread (the thread that draws the blanking window) magically get WS_EX_ABOVESTARTUP. Since in RTM VerifyUser was called on the StartupThread, it automatically got WS_EX_ABOVESTARTUP.

What's that VerifyUserToTop about?

See the above experiment: in step 4, VerifyUserToTop gets called, signaling the LAP to bring its verification window to the foreground. This is needed since VerifyUser (LAP) calls are serialized, so only one runs at a time.

I call MessageBox, but it doesn't appear.

See the issue with WS_EX_ABOVESTARTUP; that's why the new sample LAP has MessageBox replacement code.

My LAP worked on RTM but not on MSFP+ devices. What is going on?

This is usually caused by the WS_EX_ABOVESTARTUP issues above. The other change between RTM and MSFP+ is the location where the idle timeout is stored; in MSFP+ it's stored as an AE policy.

In my RTM LAP, calls to random APIs are failing, but moving my calls to
another thread fixes the problem. The problem disappeared in MSFP+.

This could be an entry on its own, but the base problem is that some APIs aren't supported in a PSL. In RTM, the LAP's VerifyUser call was run in a PSL context. If you don't understand what this means, trust me, this is no longer an issue in MSFP+.

[Igor Dvorkin]