How do I store or associate additional data with a PasswordCredential?

Question

My UWP application logs into several web services using several accounts. Each one contains an URL, password and username along with additional information such as a developer key, etc. I would like to securely store them as roaming settings assigned to a Windows user account.

UWP's Credential Locker appears to securely store the credentials part, the user name and password. It also roams with the user and I can live with its 10 credential storage limitation (Credential Locker) Unfortunately, there doesn't seem to be a clear way of including or associating it with my accounts using a unique ID:

//
//Add a credential to PasswordVault by supplying resource, username, and password
//
Windows.Security.Credentials.PasswordVault vault = new Windows.Security.Credentials.PasswordVault();
PasswordCredential cred = new PasswordCredential(InputResourceValue.Text, InputUserNameValue.Text, InputPasswordValue.Password);
vault.Add(cred);

PasswordVault requires a username, resource string and password. Although I can retrieve a credential using a username, its not guaranteed to be unique. Although the resource key is unique, it's not clear whether it identifies the actual credential or its container.

Any ideas on how to resolve this?

Answer 1

Different apps use different approaches for this. Some apps have a single resource name like AppName and then use UserName to store different kinds of "keys", so they have AccessKey, Password etc.

An alternative is to have different Resource values, for example for different authentication providers like AppName.Facebook, AppName.Local etc., use UserName for, well user name and password for password or access token.

Finally - because you are not limited by the kind of string you store in the Password, you can create a complex type that contains multiple properties and for example serialize it with JSON before storing into password vault. This way you can store more information with a single entry.