
Where to store access token securely in UWP application?

Local storage is not the right place to store tokens. But this blog post says LocalCache is generally the right location. If I store it in LocalCache using DPAPI, is this secure enough?

Is PasswordVault a good place to store it?

How can I store the token securely so that it is not accessible outside this application?

I would definitely recommend storing confidential information like an Access Token in the PasswordVault, as LocalSettings are not encrypted and are accessible quite easily from the app's package folder in AppData.

Although PasswordVault has a somewhat odd API, you can still easily use it to store the token:

using Windows.Security.Credentials;

var passwordVault = new PasswordVault();
passwordVault.Add(new PasswordCredential("Resource", "UserName", accessToken));

In your case, you most likely care only about the access token, so the "resource" and "user name" may be just arbitrary constants. Retrieving the token is easy as well:

// Find the credential in the store (this fragment runs inside a method that returns string?).
PasswordCredential? credential = null;

try
{
   // Try to get an existing credential from the vault.
   credential = passwordVault.Retrieve("Resource", "UserName");
}
catch (Exception)
{
   // When there is no matching resource an error occurs, which we ignore.
}
credential?.RetrievePassword();
return credential?.Password;

Note the use of try..catch. This is because the vault throws if the given resource/user name combo is not found (which could even happen when the user manually deletes the entry in the system Credential Manager).

Another advantage of PasswordVault is that credentials are synced across devices (although this feature may be going away in future versions).
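The store/retrieve pattern from the answer above, wrapped so that a missing entry and sign-out are handled in one place. This is an added example, not code from the original posts: `TokenStore`, `ResourceName` and `AccountName` are hypothetical names, and the exception filter assumes the vault reports a missing entry as HRESULT 0x80070490 (element not found).

```csharp
using System;
using Windows.Security.Credentials;

// Added example: thin wrapper around PasswordVault for a single access token.
public sealed class TokenStore
{
    private const string ResourceName = "MyApp.AccessToken"; // arbitrary constant (hypothetical)
    private const string AccountName = "current-user";       // arbitrary constant (hypothetical)

    // Assumption: HRESULT raised by the vault when no matching entry exists.
    private const int ElementNotFound = unchecked((int)0x80070490);

    private readonly PasswordVault _vault = new PasswordVault();

    public void Save(string accessToken)
    {
        if (string.IsNullOrEmpty(accessToken))
            throw new ArgumentException("Token must not be empty.", nameof(accessToken));

        Delete(); // drop any previous entry so only one token is ever stored
        _vault.Add(new PasswordCredential(ResourceName, AccountName, accessToken));
    }

    // Returns null when nothing is stored, e.g. after the user removed the
    // entry in Credential Manager. Other vault errors are not swallowed.
    public string TryGet()
    {
        try
        {
            PasswordCredential credential = _vault.Retrieve(ResourceName, AccountName);
            credential.RetrievePassword();
            return credential.Password;
        }
        catch (Exception ex) when (ex.HResult == ElementNotFound)
        {
            return null;
        }
    }

    // Call on sign-out so the token does not outlive the session.
    public void Delete()
    {
        try
        {
            _vault.Remove(_vault.Retrieve(ResourceName, AccountName));
        }
        catch (Exception ex) when (ex.HResult == ElementNotFound)
        {
            // Nothing stored; nothing to remove.
        }
    }
}
```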

Where to store access token securely in UWP application?

In general, we often store the access token with the ApplicationData.LocalSettings class, which places the settings container in the local app data store. You could use it like the following.

var localSettings = Windows.Storage.ApplicationData.Current.LocalSettings;

// Create a simple setting.
localSettings.Values["accesstoken"] = token;

// Read data from a simple setting.
Object value = localSettings.Values["accesstoken"];

if (value == null)
{
    // No data.
}
else
{
    // Access data in value.
}

And if you want to store the access token securely, the Windows Runtime provides the PasswordVault class to securely store credentials. For more, please refer to this document.
