Windows Phone SDK 8.0 provides proof-of-purchase authenticity by using secure receipts. You can retrieve receipts for all of your in-app products purchased by the user. A receipt is verification that a transaction has taken place. The receipt also contains a digital signature that you can use to verify the integrity of the receipt and make sure no tampering took place.

This sample provides code and a certificate you can use to verify a receipt from the Windows Phone Store service. You use both the receipt that you get when making an in-app product purchase and the provided production certificate (IapReceiptProduction.cer) to verify the signature. The signature is contained within the receipt.

The code contained in this sample calls the VerifyXmlSignature method using three parameters: input, certificate, and verifySignatureOnly. The input parameter contains the receipt XML as a string. The certificate parameter contains the public key of the certificate as an X509Certificate2 object. The verifySignatureOnly parameter is a boolean value that determines whether the code should verify both the signature and the certificate, or only the signature.

For additional info about in-app purchase, see In-app purchase for Windows Phone 8.