使用隔离存储和 ProtectedData 保存用户凭据

Question

我想以安全的方式保存用户详细信息，因此我的意图是获取一个包含凭据的类，对其进行序列化，使用 protectedData 对其进行加密，然后将这些新的加密数据保存在隔离存储中。我有以下保存方法

    public bool SaveCredentials(ILoginCredentials credentials)
    {
        try
        {
            //CredentialStorage implements ILoginCredentials 
            CredentialStorage storage = new CredentialStorage(credentials);
            byte[] lastEncryptedData = ToByteArray(storage);
            lastEncryptedData = ProtectedData.Protect(lastEncryptedData, AditionalEntropy, DataProtectionScope.CurrentUser);

            IsolatedStorageFile isoStore = IsolatedStorageFile.GetStore(IsolatedStorageScope.User | IsolatedStorageScope.Assembly, null, null);
            IsolatedStorageFileStream isoStream = new IsolatedStorageFileStream("ExternalSSOProvider", FileMode.Create,
                                                                                 FileAccess.Write, isoStore);
            isoStream.Write(lastEncryptedData, 0, lastEncryptedData.Length);
            isoStream.Close();
            return true;
        }
        catch (Exception)
        {
            return false;
        }
    }

    private static byte[] ToByteArray(object source)
    {
        var formatter = new BinaryFormatter();
        using (var stream = new MemoryStream())
        {
            formatter.Serialize(stream, source);
            return stream.ToArray();
        }
    }

这段代码好像没问题

然后我有恢复到对象的代码

    private CredentialStorage GetCredentials()
    {
        try
        {
            IsolatedStorageFile isoStore = IsolatedStorageFile.GetStore(IsolatedStorageScope.User | IsolatedStorageScope.Assembly, null, null);
            if (isoStore.FileExists("ExternalSSOProvider"))
            {
                using (IsolatedStorageFileStream stream = new IsolatedStorageFileStream("ExternalSSOProvider", FileMode.Open, isoStore))
                {
                    using (StreamReader reader = new StreamReader(stream))
                    {
                       using(MemoryStream ms = new MemoryStream())
                       {
                           reader.BaseStream.CopyTo(ms);
                           byte[] protectedMemory = ms.ToArray();
                           ms.Close();
                           ProtectedData.Unprotect(protectedMemory, AditionalEntropy, DataProtectionScope.CurrentUser);
                           return ToCredentials(protectedMemory);
                       }
                    }
                }
            }
        }
        catch (Exception)
        {
            return null;
        }
        return null;
    }

    private static CredentialStorage ToCredentials(byte[] source)
    {
        var formatter = new BinaryFormatter();
        using (var stream = new MemoryStream(source))
        {
            var x = formatter.Deserialize(stream); //My exception occurs here
            return x as CredentialStorage;
        }
    }

当我尝试在 ToCredentials 方法中反序列化对象时，出现以下错误

二进制流“n”不包含有效的 BinaryHeader。可能的原因是无效的流或序列化和反序列化之间的对象版本更改。

任何帮助将不胜感激！

仅供参考，这是 ILoginCredentials 接口

 public interface ILoginCredentials
 {
     string Username { get; }
     string Password { get; }
 }

Answer 1

好的，我发现了问题。在 GetCredentials 方法中，我有一行

    ProtectedData.Unprotect(protectedMemory, AditionalEntropy, DataProtectionScope.CurrentUser); 

我把它改成了

    protectedMemory = ProtectedData.Unprotect(protectedMemory, AditionalEntropy, DataProtectionScope.CurrentUser); 

因为我从来没有用我试图从仍然加密的数据反序列化的返回值更新 protectedMemory 变量