- Xamarin.Auth - store local data from a cross-platform PCL. You can download Xamarin.Auth from the Component Store or the NuGet package manager. It is a software package that lets you store sensitive user data on the device.
- a. It also lets you connect securely to OAuth services.
- b. Behind the scenes, it uses each platform's native API to store your data.
- Xamarin.Auth contains two classes: Account and AccountStore
- - The Account object is actually designed to work with social networks, so it has a CookieContainer property; if you are not working with a social network, you are very likely to leave it unused.
- public class Account
- {
- public virtual string Username {get; set;}
- public virtual Dictionary<string, string> Properties {get; private set; }
- public virtual CookieContainer Cookies {get; private set; }
- }
- - You just allocate the Account object and load the user data into its properties as shown below:
- var account = new Account();
- account.Username = "Ann";
- **** Note: the Account object stores only strings; if you have byte arrays, you need to convert them to strings.
- account.Properties.Add("password", "....");
- account.Properties.Add("access_token", "....");
- *** The AccountStore class is responsible for storing Account objects on the device -
- public abstract class AccountStore
- {
- public abstract IEnumerable<Account> FindAccountsForService(string serviceId);
- public abstract void Save (Account account, string serviceId);
- public abstract void Delete(Account account, string serviceId);
- }
- - You can create an instance of AccountStore using the factory method AccountStore.Create():
- AccountStore store = AccountStore.Create();
- store.Save(account, "your key, can be any string");
- - How to retrieve the data from the local store:
- var accounts = store.FindAccountsForService("your key, can be any string"); // same key that was passed to Save
- string token = null;
- foreach (var saved in accounts)
-     if (saved.Username == "Ann")
-         token = saved.Properties["access_token"]; // read back a stored value
- 1. The same can be done with each platform-specific API, but that is inconvenient, since the code has to be written multiple times:
- Apple uses - Keychain
- Droid uses - KeyStore
- Windows uses - PasswordVault
- 2. Encryption / decryption using the PCLCrypto plugin - download using NuGet
- a. Hash Password using PCLCrypto
- b. Encrypt / Decrypt data using PCLCrypto
- The video at the URL below explains more:
- https://university.xamarin.com/videos/ent170-securing-local-data
- ****** How to use crypto APIs cross-platform with the PCLCrypto API *******
- 1. Each platform has its own crypto API
- 2. Mono provides crypto APIs
- 3. Third-party PCLCrypto API
- 4. Third-party libraries (e.g. Bouncy Castle)
- We have a choice, and many other third-party APIs are also available... but when you are planning to use this on a low-powered mobile device, the efficiency of the implementation may be a high priority for us...
- An example of efficiency -
- a. Some platform APIs implement some crypto algorithms in hardware, which typically makes them significantly faster to execute.
- PCLCrypto provides these services:
- - Asymmetric Encryption
- - Symmetric Encryption
- - Cryptographic Hash
- - Message Authentication Code
- - Random Number Generation
- *** How to use hashing for the locally stored password ****
- a. Generate a cryptographic hash
- b. Hash passwords
- c. Validate passwords
- *** If you apply a hashing algorithm to the password text, it is highly difficult to determine the original plaintext password from the hash.
- **** When hashing the password, it is a best practice to add random data to the password before hashing - this random data is called a 'salt'.
- PCLCrypto provides an API for generating random bytes -
- byte[] salt = WinRTCrypto.CryptographicBuffer.GenerateRandom(32);
- Note: when saving the password as a hash, we need to save the salt value associated with it... this lets us validate the password the user enters.
- Hash Algorithm Choice
- * Consider using the most secure algorithm available on your target Platform(s)
- The PCLCrypto API has the algorithms below -- but you should verify that the algorithm is available on your target platform (i.e. read the PCLCrypto docs and/or source code)
- public enum HashAlgorithm
- {
- Md5,
- Sha1,
- Sha256,
- Sha384,
- Sha512,
- }
- *** A reasonable choice is one of these three: Sha256, Sha384, Sha512...
- // requires: using System; using PCLCrypto;
- public static byte[] GetHash(byte[] data, byte[] salt)
- {
- byte[] saltedData = new byte[data.Length + salt.Length];
- Array.Copy(salt, saltedData, salt.Length); // sourceArray, destinationArray, length
- Array.Copy(data, 0, saltedData, salt.Length, data.Length); // append the data after the salt
- var sha = WinRTCrypto.HashAlgorithmProvider.OpenAlgorithm(HashAlgorithm.Sha256);
- return sha.HashData(saltedData);
- }