c# - 使用隔离存储和 ProtectedData 保存用户凭据

Question

我想以一种安全的方式保存用户详细信息，所以我的目的是获取一个包含凭据的类，对其进行序列化，使用 protectedData 对其进行加密，然后将这个新的加密数据保存在隔离存储中。我有以下保存方法

    public bool SaveCredentials(ILoginCredentials credentials)
    {
        try
        {
            //CredentialStorage implements ILoginCredentials 
            CredentialStorage storage = new CredentialStorage(credentials);
            byte[] lastEncryptedData = ToByteArray(storage);
            lastEncryptedData = ProtectedData.Protect(lastEncryptedData, AditionalEntropy, DataProtectionScope.CurrentUser);

            IsolatedStorageFile isoStore = IsolatedStorageFile.GetStore(IsolatedStorageScope.User | IsolatedStorageScope.Assembly, null, null);
            IsolatedStorageFileStream isoStream = new IsolatedStorageFileStream("ExternalSSOProvider", FileMode.Create,
                                                                                 FileAccess.Write, isoStore);
            isoStream.Write(lastEncryptedData, 0, lastEncryptedData.Length);
            isoStream.Close();
            return true;
        }
        catch (Exception)
        {
            return false;
        }
    }

    private static byte[] ToByteArray(object source)
    {
        var formatter = new BinaryFormatter();
        using (var stream = new MemoryStream())
        {
            formatter.Serialize(stream, source);
            return stream.ToArray();
        }
    }

这段代码似乎没问题

然后我有恢复对象的代码

    private CredentialStorage GetCredentials()
    {
        try
        {
            IsolatedStorageFile isoStore = IsolatedStorageFile.GetStore(IsolatedStorageScope.User | IsolatedStorageScope.Assembly, null, null);
            if (isoStore.FileExists("ExternalSSOProvider"))
            {
                using (IsolatedStorageFileStream stream = new IsolatedStorageFileStream("ExternalSSOProvider", FileMode.Open, isoStore))
                {
                    using (StreamReader reader = new StreamReader(stream))
                    {
                       using(MemoryStream ms = new MemoryStream())
                       {
                           reader.BaseStream.CopyTo(ms);
                           byte[] protectedMemory = ms.ToArray();
                           ms.Close();
                           ProtectedData.Unprotect(protectedMemory, AditionalEntropy, DataProtectionScope.CurrentUser);
                           return ToCredentials(protectedMemory);
                       }
                    }
                }
            }
        }
        catch (Exception)
        {
            return null;
        }
        return null;
    }

    private static CredentialStorage ToCredentials(byte[] source)
    {
        var formatter = new BinaryFormatter();
        using (var stream = new MemoryStream(source))
        {
            var x = formatter.Deserialize(stream); //My exception occurs here
            return x as CredentialStorage;
        }
    }

当我尝试在 ToCredentials 方法中反序列化对象时，出现以下错误

二进制流“n”不包含有效的 BinaryHeader。可能的原因是序列化和反序列化之间的无效流或对象版本更改。

如有任何帮助，我们将不胜感激!

仅供引用，这是 ILoginCredentials 接口(interface)

 public interface ILoginCredentials
 {
     string Username { get; }
     string Password { get; }
 }

Answer 1

好的，我发现了问题。在 GetCredentials 方法中，我有一行

    ProtectedData.Unprotect(protectedMemory, AditionalEntropy, DataProtectionScope.CurrentUser); 

我已经改成

    protectedMemory = ProtectedData.Unprotect(protectedMemory, AditionalEntropy, DataProtectionScope.CurrentUser); 

因为我从来没有用返回值更新 protectedMemory 变量，所以我试图从仍然加密的数据中反序列化