Reputation: 1477
Save user credentials using isolated storage and ProtectedData
I want to save user details in a secure way so my intention is to take a class that contains the credentials, serialize it, encrypt it using protectedData and then save this new encrypted data in isolated storage. I have the following save method
public bool SaveCredentials(ILoginCredentials credentials)
{
try
{
//CredentialStorage implements ILoginCredentials
CredentialStorage storage = new CredentialStorage(credentials);
byte[] lastEncryptedData = ToByteArray(storage);
lastEncryptedData = ProtectedData.Protect(lastEncryptedData, AditionalEntropy, DataProtectionScope.CurrentUser);
IsolatedStorageFile isoStore = IsolatedStorageFile.GetStore(IsolatedStorageScope.User | IsolatedStorageScope.Assembly, null, null);
IsolatedStorageFileStream isoStream = new IsolatedStorageFileStream("ExternalSSOProvider", FileMode.Create,
FileAccess.Write, isoStore);
isoStream.Write(lastEncryptedData, 0, lastEncryptedData.Length);
isoStream.Close();
return true;
}
catch (Exception)
{
return false;
}
}
private static byte[] ToByteArray(object source)
{
var formatter = new BinaryFormatter();
using (var stream = new MemoryStream())
{
formatter.Serialize(stream, source);
return stream.ToArray();
}
}
This bit of code seems to work no problem
Then I have the code that restores to object
private CredentialStorage GetCredentials()
{
try
{
IsolatedStorageFile isoStore = IsolatedStorageFile.GetStore(IsolatedStorageScope.User | IsolatedStorageScope.Assembly, null, null);
if (isoStore.FileExists("ExternalSSOProvider"))
{
using (IsolatedStorageFileStream stream = new IsolatedStorageFileStream("ExternalSSOProvider", FileMode.Open, isoStore))
{
using (StreamReader reader = new StreamReader(stream))
{
using(MemoryStream ms = new MemoryStream())
{
reader.BaseStream.CopyTo(ms);
byte[] protectedMemory = ms.ToArray();
ms.Close();
ProtectedData.Unprotect(protectedMemory, AditionalEntropy, DataProtectionScope.CurrentUser);
return ToCredentials(protectedMemory);
}
}
}
}
}
catch (Exception)
{
return null;
}
return null;
}
private static CredentialStorage ToCredentials(byte[] source)
{
var formatter = new BinaryFormatter();
using (var stream = new MemoryStream(source))
{
var x = formatter.Deserialize(stream); //My exception occurs here
return x as CredentialStorage;
}
}
When I attempt to deserialize the object in the ToCredentials method I get the following error
Binary stream 'n' does not contain a valid BinaryHeader. Possible causes are invalid stream or object version change between serialization and deserialization.
Any help would be gratefully appreciated!
FYI this is the ILoginCredentials interface
public interface ILoginCredentials
{
string Username { get; }
string Password { get; }
}
Upvotes: 3
Views: 1755
Answers (1)
Reputation: 1477
Ok I found the problem. In the GetCredentials method I had the line
ProtectedData.Unprotect(protectedMemory, AditionalEntropy, DataProtectionScope.CurrentUser);
I have changed this to
protectedMemory = ProtectedData.Unprotect(protectedMemory, AditionalEntropy, DataProtectionScope.CurrentUser);
Becuase I was never updating the protectedMemory variable with the return value I was attempting to deserialize from the still encrypted data
Upvotes: 2
Related Questions
- Storing data on Windows phone
- Save information using windows 8 Isolated Storage
- Isolated Storage & Saving Multiple Objects
- Storing objects in isolated storage
- Storing more than one value into Isolated Storage
- StreamWriter and IsolatedStorageFile
- How to store and retrieve data in Isolated Storage File?
- Silverlight Saving a Class Instance to Isolated Storage
- store data to isolated storage in memory
- Storing file in Isolated Storage