对于UWP应用程序,建议使用什么机制来存储需要与应用程序一起部署的机密,如API密钥和机密令牌?对于用户生成的身份验证令牌,PasswordVault是有意义的,但我看不到在应用程序部署中设置这些令牌的方法。到目前为止,我在应用程序中嵌入了它们,这似乎不"正确"或不安全。
您可以使用PasswordCredential
API,代码片段:
string CredentialsName = "testing";
private PasswordCredential GetCredentialFromLocker()
{
PasswordCredential credential = null;
var vault = new PasswordVault();
IReadOnlyList<PasswordCredential> credentialList = null;
try
{
credentialList = vault.FindAllByUserName(Username);
}
catch
{
return credential;
}
if (credentialList.Count > 0)
{
credential = credentialList[0];
}
return credential;
}
public void CreatePassword(string password, string username)
{
var vault = new PasswordVault();
vault.Add(new PasswordCredential(CredentialsName, username, password));
}