Adds a section about Verifying your connection which describes how to do certificate validation.
Jason Williams 2016-09-02 10:37:59 -07:00 committed by Hirsch Singhal
Parent 211bd2bca5
Commit 4699d1fb08
1 changed file: 11 additions and 0 deletions

@ -24,6 +24,17 @@ portal.Connect().Wait(); // The ConnectionStatus event will tell you if it succe
```
For complete examples and stepping off points see the SampleWdpClients. A UWP version and WPF version of the sample app are included in the solution.
### Verifying your connection
There are several different ways to verify your connection for using secure HTTPS communication with a device. Any of these methods can be used to secure your connection against a Man in the Middle attack or to allow your own proxy for debugging your communication.
1. If the certificate generated by your device is in your Trusted Root Certification Authorities certificate store then the connection will be automatically verified when connecting. No additional work is necessary.
2. You can manually provide the certificate object to the Connect method on the DevicePortal object to use for verification. This certificate could have been retrieved earlier via USB, or downloaded via a call to \<address\>/config/rootcertificate and then manually verified as being the proper certificate. This is a good method to use if using a web proxy such as Fiddler, as those proxies generally let you export their certificate.
3. Add your own logic for certificate checking. This works differently in Win32 and UWP
- For UWP, you can make a call to the GetRootDeviceCertificate method on your DevicePortal object with the acceptUntrustedCerts parameter set to true. This will allow untrusted connections to your device for subsequent calls. **You should warn your user that they are making an untrusted connection or otherwise verify your connection is secure if using this method.**
- For Win32, you can add a handler to the UnvalidatedCert event on your DevicePortal object which gives you a chance to perform custom handling such as presenting the thumbprint for the certificate to the user and asking them if they trust the connection, or using a prior cached decision about this connection. This is similar to how a web browser handles untrusted certificates.
The SampleWdpClients show examples of using all of these methods of establishing trust in an application.
## Using the DevicePortal object
Each REST API exposed by Device Portal is represented as a method off of the DevicePortal object. Most methods are a task that return an object representing the JSON return value.
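Review bot: The opening sentence of the new "Verifying your connection" section says any of these methods secures the connection against a Man in the Middle attack, but the UWP bullet under item 3 (GetRootDeviceCertificate with acceptUntrustedCerts set to true) explicitly allows untrusted connections for subsequent calls, so that path gives no protection unless the app performs its own check. Suggest rewording the intro so that items 1 and 2 are described as validating the certificate while item 3 hands the trust decision to the app, and stating in the UWP bullet what "otherwise verify your connection is secure" should consist of, for example comparing the certificate thumbprint (as the Win32 bullet does) against one obtained over a trusted channel such as the USB retrieval mentioned in item 2. Item 2 has a related gap: a certificate downloaded from \<address\>/config/rootcertificate arrives over the connection that has not yet been verified, so its value rests entirely on the "manually verified" step, which the text does not describe. Minor: the lead sentence of item 3 ("This works differently in Win32 and UWP") is missing its final period.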