I'm basically trying to encrypt a file within the UWP app that will be saved to OneDrive (already have successful code on saving file to OneDrive location) so that the same user can then load that file into another copy of the same app that is installed on a different Windows PC/Device or within the same app on the same PC (already have successful code on restoring the file into app on different and same device) but have it decrypt automatically for that specific user so that their data is secure while stored in OneDrive. I don't want another logged in user on the same or different PC to be able to restore the file into their copy of the app if it did not originate from their app. Any actual code would be greatly helpful. I just need code to encrypt a storagefile within the storagefolder so that the app uses a key or some sort of descriptor for the current Microsoft account that obtained the app from the store across all devices that same user installed the app on. I do not have any code for the encryption as I do not know where to begin.
For data protection, you could refer to Data protection document, it tells how to use the DataProtectionProvider class in the Windows.Security.Cryptography.DataProtection namespace to encrypt and decrypt digital data in a UWP app. The document contains segment code that you could use directly.
I don't want another logged in user on the same or different PC to be able to restore the file into their copy of the app if it did not originate from their app.
OneDrive file could be accessed by the specific user, it will not restore the file for other users, it is security for protecting user's data.
Related
I have multiple windows store apps of a company and all of them have signing in option. What I am trying to do is create a mutual login system for all of my apps. In simple words, If user log into one app then he automatically signed in other apps.
I am using sqlite locally to maintain user's session data. So, I tried to access the one App sqlite file from other app by giving a static path to its installed location. But it won't open the sqlite file.
Can I put this sqlite file in any folder where other apps can access it too?
Is there any common folder/storage space in windows store app where other apps will be able to access this sqlite file?
Any help would be really appreciated, Thanks in Advance!
Although it doesn't help right now, Windows 10 does have a solution for apps from the same publisher sharing data. You can use ApplicationData.GetPublisherCacheFolder(folderName) to get access to one or more folders that you share amongst your apps.
As far as I know there is no common storage between apps. The best you can do is to store the sqlite file somewhere locally (let the user choose) and then hold permission to access that file in the MostRecentlyUsedList
This will allow your app to access it at any time. However, the user will have to manually open the file at least once with each app that needs to use the login.
The only way I can think of to do what you're trying to do without user interaction would be to write your own server backend and use the IP address / user agent string and other variables to uniquely identify a device. When the device logs in then all other requests from that device would be considered "logged in" until the user logs out from one of them.
This would be very insecure and I would not recommend it. Anyone could impersonate the user if they knew enough about the device they were using, and were behind the same router.
I am trying to put some files and folders in a place that my WinRT application could access and read files from. These files and folders must be locked and permanent even when I uninstall the application.
There are 4 main categories of folders that you have access to from a Windows Store Application:
/AppData/Local/<yourpackage>
Standard available libraries (Music, Pictures, Videos)
Libraries that require elevated permissions (Documents)
User-defined folders (through a FilePicker)
Typically you will store data specific to your application in the first kind and data for the user in a library or a user-defined folder.
When your application is uninstalled, its package folder under /AppData/Local is removed so there is nothing left there (note that this contains the directories which you get using ApplicationData.Current.Local and ApplicationData.Current.Roaming).
Therefore in order to save data persistent through installations you will have to save them in a different directory. Note however that in the case of option 4, the user might not decide to give you access to the folder he picked out the previous time or that he doesn't want to give the application access to the Documents library.
I think a more solid solution would be to save the data on a remote location so that the user can download it when he installs the application again, rather than relying on everything being saved at the user's device.
With regards to the locking: you could look into the DataProtectionProvider and see if that suits your needs.
To reiterate Jeroen's response:
To save data locally in a place that won't be deleted when the app is uninstalled, you must use the file picker to have the user choose a location.
Saving the data remotely is the only option that doesn't require user interaction.
It's possible to save data in the app's roaming settings, as those are retained for some period of time after the app is uninstalled. If the user has the app installed elsewhere, that data will be retained continuously. If there are no other installations, it will be retained for around a month.
I recently wrote a blog post addressing this exact scenario in more detail, including how to get a persistent user identity for any data your store remotely: http://www.kraigbrockschmidt.com/2014/07/31/persisting-data-after-uninstall/.
I have a web application based on C#,asp.net.
In application i generate an xml file that contents journal records.
Admin user must sign this xml file with his usb token.
In windows application i can read usb token certificate file and i can sign the xml file.
But in web application i execute the same code and i get an this error:
"Card inserted card reader not found".
How can i access on client usb token and certificate from ny web application?
Is there anyone using electronic signature on web application?
There is no easy solution. You have to create ActiveX control or Java applet and install it on client machine. That is how my internet banking works.
The usual and the easiest way is to let the users upload a scanned copy of their signatures. The application should then save it somewhere (database or some folder on the server). Whenever required, these users should be able to use their signatures. It then automatically becomes electronic signature. Just properly authenticate and authorize users before letting them use the electronic signatures.
Hope this helps!!
I'm developing a POS standalone Desktop application uisng SQL Compact, C# WPF , i want to save the user name and password and some user related settings details in the local desktop .
can i use registry for this purpose ? if so please guide me how to do this.In my recent coding i used binary files (.dat or .bin ) to store the settings information. now iam trying to look for other options. XML is not secured as one can read the file easily.
You Could use the windows registry for the users from the computer, if that user logs in to the computer your pos will auto log that person in to the system.
You can have the pos make a secure backup of the registry as user info is added. Now as far as adding other information to the registry it can be done but not very easy.
As a user logs into the system they become the curent user on a stand alone system. If this will go on a network domain then you should use active directory for your user information.
How to access to Registry using C# you can find here. But, I'm not sure that is such a good idea - you can store data in a file - even in an XML. You can crypt the data - in that case it will not be readable to anyone.
Is there any way, using C#, to monitor a specific file then change its contents before it is read by specific applications?
Here is the situation:
I have a Windows 2003 Server running ASP.NET with a configuration file (xml) which contains LDAP information. I want to have the LDAP password encrypted. I'm trying to devise a way to monitor that file, and whenever it is read, decrypt the LDAP password and pass that to whatever is reading it. Is there any way to tell which program is doing the read? I aldready have the encrypt/decrypt working but it is built into the ASP.NET installation; I would like to make it external. The encrypt/decrypt is RSA using key's from the key store.
If you want the encrypt/decrypt external to your main application, what about creating a separate .dll or webservice that does that. Then your call in your ASP.NET application is to your webserice or .dll.
Something like (Warining: Not Compiled- you'll need to clean this up)
WebServiceInstance instance = new WebServiceInstance();
string password = instance.PerformGetPassword();
Then, your ASP.NET service is unaware of the encrypted password at all. Additionally, if you have other applications which need to access the same file, they can call the same webservice.
I think this would be much better accomplished by using NTFS permissions on the file. Grant access only to certain users/groups, and ensure that any process requiring access to the secured data is running under the security context of a user that has the correct ACL permissions.