Adding encryption of the serialized token cache on disk

jmprieur · jmprieur · commit b35a3d80264f · 2018-04-30T14:07:29.000+02:00
(best practice)
diff --git a/TodoListClient/TokenCacheHelper.cs b/TodoListClient/TokenCacheHelper.cs
@@ -54,7 +54,7 @@ public static TokenCache GetUserCache()
         /// <summary>
         /// Path to the token cache
         /// </summary>
-        public static string CacheFilePath = System.Reflection.Assembly.GetExecutingAssembly().Location + "msalcache.txt";
+        public static readonly string CacheFilePath = System.Reflection.Assembly.GetExecutingAssembly().Location + ".msalcache.bin";
 
         private static readonly object FileLock = new object();
 
@@ -63,7 +63,9 @@ public static void BeforeAccessNotification(TokenCacheNotificationArgs args)
             lock (FileLock)
             {
                 args.TokenCache.Deserialize(File.Exists(CacheFilePath)
-                    ? File.ReadAllBytes(CacheFilePath)
+                    ? ProtectedData.Unprotect(File.ReadAllBytes(CacheFilePath),
+                                              null,
+                                              DataProtectionScope.CurrentUser)
                     : null);
             }
         }
@@ -76,7 +78,11 @@ public static void AfterAccessNotification(TokenCacheNotificationArgs args)
                 lock (FileLock)
                 {
                     // reflect changesgs in the persistent store
-                    File.WriteAllBytes(CacheFilePath, args.TokenCache.Serialize());
+                    File.WriteAllBytes(CacheFilePath,
+                                       ProtectedData.Protect(args.TokenCache.Serialize(), 
+                                                             null, 
+                                                             DataProtectionScope.CurrentUser)
+                                      );
                     // once the write operationtakes place restore the HasStateChanged bit to filse
                     args.TokenCache.HasStateChanged = false;
                 }

Original file line number	Diff line number	Diff line change
`@@ -54,7 +54,7 @@ public static TokenCache GetUserCache()`
`54`	`54`	`/// <summary>`
`55`	`55`	`/// Path to the token cache`
`56`	`56`	`/// </summary>`
`57`		`- public static string CacheFilePath = System.Reflection.Assembly.GetExecutingAssembly().Location + "msalcache.txt";`
	`57`	`+ public static readonly string CacheFilePath = System.Reflection.Assembly.GetExecutingAssembly().Location + ".msalcache.bin";`
`58`	`58`
`59`	`59`	`private static readonly object FileLock = new object();`
`60`	`60`
`@@ -63,7 +63,9 @@ public static void BeforeAccessNotification(TokenCacheNotificationArgs args)`
`63`	`63`	`lock (FileLock)`
`64`	`64`	`{`
`65`	`65`	`args.TokenCache.Deserialize(File.Exists(CacheFilePath)`
`66`		`- ? File.ReadAllBytes(CacheFilePath)`
	`66`	`+ ? ProtectedData.Unprotect(File.ReadAllBytes(CacheFilePath),`
	`67`	`+ null,`
	`68`	`+ DataProtectionScope.CurrentUser)`
`67`	`69`	`: null);`
`68`	`70`	`}`
`69`	`71`	`}`
`@@ -76,7 +78,11 @@ public static void AfterAccessNotification(TokenCacheNotificationArgs args)`
`76`	`78`	`lock (FileLock)`
`77`	`79`	`{`
`78`	`80`	`// reflect changesgs in the persistent store`
`79`		`- File.WriteAllBytes(CacheFilePath, args.TokenCache.Serialize());`
	`81`	`+ File.WriteAllBytes(CacheFilePath,`
	`82`	`+ ProtectedData.Protect(args.TokenCache.Serialize(),`
	`83`	`+ null,`
	`84`	`+ DataProtectionScope.CurrentUser)`
	`85`	`+ );`
`80`	`86`	`// once the write operationtakes place restore the HasStateChanged bit to filse`
`81`	`87`	`args.TokenCache.HasStateChanged = false;`
`82`	`88`	`}`