How do we verify Windows 8 in-app billing receipt on the server side?

Posted 2019-07-31 01:16

I am currently implementing in-app purchases in an app that I am working on for Windows 8.

After reading the documentation:

  1. Request the license Information for the app: msdn.microsoft.com/en-us/library/windows/apps/windows.applicationmodel.store.licenseinformation.aspx

This tells you if the app is trial or not, and the list of products bought using in-app.

  2. To perform a purchase you need to use the objects:

CurrentApp: In live environment. This will only work when the app is APPROVED in the store, so you need to make this change before packaging to submit to the store.

CurrentAppSimulator: Debug and testing.

2.a. If you are running an app in trial mode, you purchase the app by calling: CurrentApp.RequestAppPurchaseAsync(true)

The parameter is requesting to get a string that contains XML that represents all receipts for the app and any in-app purchases. If includeReceipt is set to false, this string is empty.

2.b. Validate a purchase from your servers. Reference

We want to verify that the receipt that we got from server 2.a is genuine. To verify a receipt's authenticity, you can check the receipt's signature using the public certificate. To get this certificate, use the following URL: go.microsoft.com/fwlink/?LinkId=246509&cid= where is the CertificateId of the receipt.

This is a real Receipt from the CurrentAppSimulator:

    <?xml version="1.0" encoding="utf-8"?>
    <Receipt Version="1.0" ReceiptDate="2012-08-23T14:21:40Z" CertificateId="" ReceiptDeviceId="9d6b1f28-cab8-421f-8f8d-23df2dc3abbe">
        <ProductReceipt Id="d9437a12-4f91-4ef0-b0bf-527ab9da2ec9" AppId="Zolmo.JamiesRecipes_40cj6885yhw56" ProductId="JMPK_0004" PurchaseDate="2012-08-23T14:21:40Z" ProductType="Durable" />
    </Receipt>

No CertificateId, how could I implement the server-side validation? How can I test all this without having an app in the Store?

Thanks, Pedro

Answer 1:

There is no sandbox environment for doing this kind of end-to-end testing with the Windows Store. This should help get you a bit further, though:

The CertificateId currently in use by the Store is b809e47cd0110a4db043b3f73e83acd917fe1336 (this can change over time, so your code should get it from the receipt programmatically).

The cert download URL then becomes: https://go.microsoft.com/fwlink/?LinkId=246509&cid=b809e47cd0110a4db043b3f73e83acd917fe1336

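Here is a sample receipt you can use to test your code that parses the CertificateId for use in the URL above, and your code that verifies the signature is valid using the certificate returned by the URL above: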

<Receipt Version="1.0" ReceiptDate="2012-08-28T22:11:33Z" CertificateId="b809e47cd0110a4db043b3f73e83acd917fe1336" ReceiptDeviceId="4e362949-acc3-fe3a-e71b-89893eb4f528">
<AppReceipt Id="8ffa256d-eca8-712a-7cf8-cbf5522df24b" AppId="55428GreenlakeApps.CurrentAppSimulatorEventTest_z7q3q7z11crfr" PurchaseDate="2012-06-04T23:07:24Z" LicenseType="Full" />
<ProductReceipt Id="2559fa9a-9f86-0525-e655-536a6c96fac6" ProductId="Product1" PurchaseDate="2012-06-04T23:07:50Z" ExpirationDate="2012-06-07T23:07:49Z" ProductType="Durable" AppId="55428GreenlakeApps.CurrentAppSimulatorEventTest_z7q3q7z11crfr" />
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
        <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
        <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
        <Reference URI="">
            <Transforms>
                <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
            <DigestValue>npmBq7pdtq9FkfILSsHuVyD+QWiZg6J/klBKsyWhrw8=</DigestValue>
        </Reference>
    </SignedInfo>
    <SignatureValue>LKZSHmk6XjLaEHoJPFBB1GxVsFf2eilOXeyf2RvYtVvqjU4EIdOUfNM46sVifq3MyeE4N2s77iJmvdzgxmOM9tCimebiL7jsdpWakO0A9daImHESMPIrwZNham6jPCWaBUEOFT6PNy1v5MS+cdX25Wenk702L0wVQ6R8oGPlk5Im6Q62K69cvAFA3q/kiLHOyTZWHoIGw5lvFvAYI/aZhVoFQLv1FjK0Syg5nbMA19UrzwZ39jnJjcfuw/VX51uSv5Ze2x36HDXTpiw8wHoTzauGYzt9MXd4+qbiJ4AQys22AgO+cfAbDrTuH5duZ6DMeuFeEv8nu2p9PiVyBEOlZw==</SignatureValue>
</Signature>
</Receipt>
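The checks a server can run on an untrusted receipt before fetching the certificate and verifying the signature, as an added example that is not part of the original question or answer. It rejects unsigned receipts such as the CurrentAppSimulator one in the question (empty CertificateId), validates the CertificateId before it goes into the URL, and allow-lists the algorithms shown in the answer's sample receipt. The names `precheck_receipt` and `sample`, the 40-hex-digit CertificateId format and the placeholder digest and signature values are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
CERT_URL = "https://go.microsoft.com/fwlink/?LinkId=246509&cid="  # URL from this page
# Assumption: a CertificateId is 40 hex digits, like the value quoted in the answer.
CERT_ID_RE = re.compile(r"[0-9a-fA-F]{40}")
# Algorithms declared in the answer's sample <SignedInfo>; anything else is refused.
EXPECTED = {
    "CanonicalizationMethod": "http://www.w3.org/2001/10/xml-exc-c14n#",
    "SignatureMethod": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
    "Transform": "http://www.w3.org/2000/09/xmldsig#enveloped-signature",
    "DigestMethod": "http://www.w3.org/2001/04/xmlenc#sha256",
}

def precheck_receipt(xml_text):
    """Return the certificate URL for a receipt, or raise ValueError."""
    if "<!DOCTYPE" in xml_text:  # no DTDs or entities in untrusted input
        raise ValueError("DTD not allowed in a receipt")
    root = ET.fromstring(xml_text)  # malformed XML raises ET.ParseError
    cert_id = root.get("CertificateId", "")
    if root.tag != "Receipt" or not CERT_ID_RE.fullmatch(cert_id):
        raise ValueError("not a receipt, or missing/malformed CertificateId")
    # Exactly one Signature, a direct child of Receipt (guards against wrapping).
    sigs = root.findall(f".//{DS}Signature")
    if len(sigs) != 1 or sigs[0] not in list(root):
        raise ValueError("expected one Signature directly under Receipt")
    for name, uri in EXPECTED.items():
        found = [e.get("Algorithm") for e in sigs[0].iter(DS + name)]
        if found != [uri]:
            raise ValueError(f"unexpected {name}: {found}")
    refs = sigs[0].findall(f"{DS}SignedInfo/{DS}Reference")
    if [r.get("URI") for r in refs] != [""]:  # URI="" signs the whole document
        raise ValueError("signature must cover the whole receipt")
    return CERT_URL + cert_id

def sample(cert_id, sig_alg=EXPECTED["SignatureMethod"]):
    """Constructed receipt shaped like the answer's; digest/signature are placeholders."""
    return (f'<Receipt Version="1.0" CertificateId="{cert_id}">'
            '<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo>'
            f'<CanonicalizationMethod Algorithm="{EXPECTED["CanonicalizationMethod"]}"/>'
            f'<SignatureMethod Algorithm="{sig_alg}"/><Reference URI=""><Transforms>'
            f'<Transform Algorithm="{EXPECTED["Transform"]}"/></Transforms>'
            f'<DigestMethod Algorithm="{EXPECTED["DigestMethod"]}"/>'
            '<DigestValue>AAAA</DigestValue></Reference></SignedInfo>'
            '<SignatureValue>AAAA</SignatureValue></Signature></Receipt>')

if __name__ == "__main__":
    print(precheck_receipt(sample("b809e47cd0110a4db043b3f73e83acd917fe1336")))
```

These checks do not verify the signature itself; a receipt that passes them still has to have its digest and RSA-SHA256 signature checked with an XML-DSig implementation against the certificate downloaded from the returned URL.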



Source: How do we verify Windows 8 in-app billing receipt on the server side?