3

我想以安全的方式保存用户详细信息,因此我的意图是获取一个包含凭据的类,对其进行序列化,使用 protectedData 对其进行加密,然后将这些新的加密数据保存在隔离存储中。我有以下保存方法

    public bool SaveCredentials(ILoginCredentials credentials)
    {
        try
        {
            //CredentialStorage implements ILoginCredentials 
            CredentialStorage storage = new CredentialStorage(credentials);
            byte[] lastEncryptedData = ToByteArray(storage);
            lastEncryptedData = ProtectedData.Protect(lastEncryptedData, AditionalEntropy, DataProtectionScope.CurrentUser);

            IsolatedStorageFile isoStore = IsolatedStorageFile.GetStore(IsolatedStorageScope.User | IsolatedStorageScope.Assembly, null, null);
            IsolatedStorageFileStream isoStream = new IsolatedStorageFileStream("ExternalSSOProvider", FileMode.Create,
                                                                                 FileAccess.Write, isoStore);
            isoStream.Write(lastEncryptedData, 0, lastEncryptedData.Length);
            isoStream.Close();
            return true;
        }
        catch (Exception)
        {
            return false;
        }
    }

    private static byte[] ToByteArray(object source)
    {
        var formatter = new BinaryFormatter();
        using (var stream = new MemoryStream())
        {
            formatter.Serialize(stream, source);
            return stream.ToArray();
        }
    }

这段代码似乎没有问题

然后我有恢复到对象的代码

    private CredentialStorage GetCredentials()
    {
        try
        {
            IsolatedStorageFile isoStore = IsolatedStorageFile.GetStore(IsolatedStorageScope.User | IsolatedStorageScope.Assembly, null, null);
            if (isoStore.FileExists("ExternalSSOProvider"))
            {
                using (IsolatedStorageFileStream stream = new IsolatedStorageFileStream("ExternalSSOProvider", FileMode.Open, isoStore))
                {
                    using (StreamReader reader = new StreamReader(stream))
                    {
                       using(MemoryStream ms = new MemoryStream())
                       {
                           reader.BaseStream.CopyTo(ms);
                           byte[] protectedMemory = ms.ToArray();
                           ms.Close();
                           ProtectedData.Unprotect(protectedMemory, AditionalEntropy, DataProtectionScope.CurrentUser);
                           return ToCredentials(protectedMemory);
                       }
                    }
                }
            }
        }
        catch (Exception)
        {
            return null;
        }
        return null;
    }

    private static CredentialStorage ToCredentials(byte[] source)
    {
        var formatter = new BinaryFormatter();
        using (var stream = new MemoryStream(source))
        {
            var x = formatter.Deserialize(stream); //My exception occurs here
            return x as CredentialStorage;
        }
    }

当我尝试在 ToCredentials 方法中反序列化对象时,出现以下错误

二进制流“n”不包含有效的 BinaryHeader。可能的原因是无效的流或序列化和反序列化之间的对象版本更改。

任何帮助将不胜感激!

仅供参考,这是 ILoginCredentials 接口

 public interface ILoginCredentials
 {
     string Username { get; }
     string Password { get; }
 }
4

1 回答 1

2

好的,我发现了问题。在 GetCredentials 方法中,我有这条线

    ProtectedData.Unprotect(protectedMemory, AditionalEntropy, DataProtectionScope.CurrentUser);

我已将其更改为

    protectedMemory = ProtectedData.Unprotect(protectedMemory, AditionalEntropy, DataProtectionScope.CurrentUser);

因为我从来没有用我试图从仍然加密的数据反序列化的返回值更新 protectedMemory 变量

于 2012-05-30T15:59:37.487 回答