In this video, learn to manage token lifetime and encryption using TokenCache.
- [Instructor] Our sign-in logic is mostly done, with the exception of implementing this FileCache. What is this FileCache? Well, it is simply a class that inherits from an out-of-the-box class called TokenCache. And the purpose of this class is to give us the flexibility in how we want token management to happen. Do we want to store the refresh token at a certain place with certain encryption? That class gives us that ability. So, as the name here suggests, I wish to manage these tokens in a file.
We'll need to encrypt that file, so let me first go ahead and add a reference in my project to System.Security. Now, this gives me access to various cryptographic classes, which I intend to use in the FileCache. So the next thing I need to do is add a class called FileCache. So, new class: FileCache.
Now let's examine this code. FileCache simply inherits from an out-of-the-box class, which is part of ADAL, called TokenCache. It gives me certain methods, like BeforeAccessNotification and AfterAccessNotification, that allow me to tap into various important events during the lifecycle of token management. So I can save the token, retrieve the token and encrypt it however I wish. As you can see from this class, I am choosing to store this token in a file in the same directory as the .EXE itself; the name of the file by default is TokenCache.dat.
At the start of the project, when the constructor gets called, I de-serialize that particular file, and I'm using DPAPI to unprotect and protect this. And I'm doing this in the current user scope, so if there are multiple users sharing the computer, you know, they won't be able to step over each other and decrypt each other's files. Notice that this also means that, when you move the project from one computer to another, as in if you download the source code from my project, remember to delete this file because you won't be able to decrypt the tokens from my machine. So remember to delete this file when you are on this project, if you choose to use the available source code with this course.
Clear, as you can imagine, clears the TokenCache; we are simply deleting the file. Simple enough. The BeforeAccessNotification method gets called, well, as the name suggests, before we are trying to access the token. So here, we simply de-serialize the contents and provide them back. The AfterAccessNotification happens, well, after you have accessed the token, so you want to write some content in there, as in after the data has been accessed there's a potential that the data could be changed.
So if the data has changed, then we write out the cache. And just to be safe, we've put this in file locks, so we don't have multiple threads trying to write over the file at the same time. And that completes my FileCache, and therefore token management in a thick client. Now I have chosen to store this TokenCache in a file. Can you store it somewhere else? In SQL Server, or perhaps somewhere else? Absolutely! That's the whole point: you have the ability to inherit from this TokenCache class, and this TokenCache class allows you to override this behavior to your desire and needs.
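The FileCache described in the video, written out as an added example; this is not the instructor's code or the course's source. It assumes ADAL .NET (the Microsoft.IdentityModel.Clients.ActiveDirectory package, whose TokenCache exposes BeforeAccess, AfterAccess, HasStateChanged, Serialize and Deserialize) and a project reference to System.Security for ProtectedData. The default file name TokenCache.dat beside the executable mirrors the video; the CryptographicException handling is an assumption added to cover the "cache file copied from another machine or user" case the instructor warns about, so the app falls back to a fresh sign-in instead of crashing.

```csharp
// Added example, not the course's code: ADAL TokenCache persisted to a DPAPI-protected file.
using System;
using System.IO;
using System.Security.Cryptography;
using Microsoft.IdentityModel.Clients.ActiveDirectory;

public class FileCache : TokenCache
{
    // One lock shared by every instance so concurrent threads never interleave file writes.
    private static readonly object FileLock = new object();

    public string CacheFilePath { get; }

    // Default location (assumption): TokenCache.dat in the same directory as the .exe.
    public FileCache(string filePath = null)
    {
        CacheFilePath = filePath ?? Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "TokenCache.dat");

        // Hook the lifecycle events ADAL raises around every cache access.
        BeforeAccess = BeforeAccessNotification;
        AfterAccess = AfterAccessNotification;

        // Load whatever a previous run persisted.
        LoadFromDisk();
    }

    // Deleting the file is what makes Clear() durable across process restarts.
    public override void Clear()
    {
        base.Clear();
        lock (FileLock)
        {
            if (File.Exists(CacheFilePath)) File.Delete(CacheFilePath);
        }
    }

    // Raised before ADAL reads the cache: refresh in-memory state from disk.
    private void BeforeAccessNotification(TokenCacheNotificationArgs args)
    {
        LoadFromDisk();
    }

    // Raised after ADAL is done with the cache: persist only when something changed.
    private void AfterAccessNotification(TokenCacheNotificationArgs args)
    {
        if (!HasStateChanged) return;
        lock (FileLock)
        {
            // CurrentUser scope: only this Windows account can unprotect the blob,
            // so other users on a shared machine cannot read these refresh tokens.
            byte[] protectedBlob = ProtectedData.Protect(Serialize(), null, DataProtectionScope.CurrentUser);
            File.WriteAllBytes(CacheFilePath, protectedBlob);
            HasStateChanged = false;
        }
    }

    private void LoadFromDisk()
    {
        lock (FileLock)
        {
            if (!File.Exists(CacheFilePath))
            {
                Deserialize(null); // ADAL treats null as an empty cache
                return;
            }
            try
            {
                byte[] plain = ProtectedData.Unprotect(File.ReadAllBytes(CacheFilePath), null, DataProtectionScope.CurrentUser);
                Deserialize(plain);
            }
            catch (CryptographicException)
            {
                // The file was protected by a different user or machine (e.g. copied with the
                // source code). Discard it and start empty; the user simply signs in again.
                File.Delete(CacheFilePath);
                Deserialize(null);
            }
        }
    }
}
```

Pass an instance to the AuthenticationContext constructor (`new AuthenticationContext(authority, new FileCache())`) and every AcquireToken call will go through these notifications. Swapping the file I/O in LoadFromDisk and AfterAccessNotification for a database read and write is all it takes to store the cache in SQL Server instead, as the instructor suggests; the DPAPI step only makes sense for local storage, so a server-side store would need its own encryption at rest.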