How to use .NET MAUI Secure Storage in your mobile application (iOS, Android and Windows)

.NET MAUI provides different techniques for local storage. My previous article explained preferences; this article explains how to use secure storage in your iOS, Android, and Windows applications.

Secure storage is like shared preferences: it stores data in key-value pairs. The data is encrypted, and a key derived from a unique device key is used to encrypt and decrypt it. The data is stored in a secure storage directory where only the OS can access it.

Keep the following do's and don'ts in mind when using secure storage.
  1. There is no storage limit for secure storage, but as a best practice keep values small: performance may be impacted if you store large amounts of text, as the API was designed to store small amounts of text.
  2. You can store an unlimited number of keys.
  3. The data gets deleted once the app is uninstalled.
  4. As a best practice, you can disable Auto Backup for your entire application, or create a custom rule set that excludes secure storage items from being backed up.

What not to do with Secure Storage

  1. Use secure storage for data that should be encrypted and hidden from the user. Store only the user's own sensitive data, such as their API keys, and not your server private keys or server connection strings. Although data in secure storage is encrypted, it isn't entirely secure. Users can root or jailbreak their devices, which gives them full control of the OS, and there are tools that can intercept keys as they are provided and use them to decrypt the data. The only way to prevent that is to never save server details and non-user-related data on the user's device. Store them on a server that you control.
  2. Saving a very large string to Preferences or secure storage throws a memory exception once the data exceeds 1.42 MB, so don’t try to save a large amount of text. If you have more than 1.42 MB of data to save, use file storage or a SQLite database instead.

Secure Storage vs. Preferences

You probably already know about preferences, which are very useful when you want to save non-private information. The following key differences will help you understand where you need secure storage instead.
Local Settings: Preferences and Secure Storage

Getting started with MAUI Secure Storage

The following steps show how to create, get, and clear secure storage values in a .NET MAUI application. The SecureStorage and ISecureStorage types are available in the Microsoft.Maui.Storage namespace.

Secure storage works on all platforms: iOS, macOS, Android, and Windows. Only debugging on the iOS simulator requires extra setup, which is explained in the last section.

Create New project

Open Visual Studio 2022 on your Windows or Mac machine and follow the 3 steps below to create a new MAUI application.

Step 1: Select Create a new project

Step 2: Search the MAUI project template or choose Project Type > MAUI from the drop-down.

Step 3: Provide the configuration details: project name, location, and solution name.

Namespace

Secure storage stores data in key-value pairs and is managed through the SecureStorage class from the Microsoft.Maui.Storage namespace, so to access secure storage, add a using directive for the Microsoft.Maui.Storage namespace.

Save Secure Storage

To save a value, call the SetAsync method with the key and the value. It supports strings only. If you want to store other types of data, you can encode them as a string. The most convenient way to do that is probably JSON: serialize the object before saving and deserialize it after reading.

await SecureStorage.SetAsync("Key String ", "Value String ");

For example, in a real implementation you can use it as below:

await SecureStorage.SetAsync("UserPassword", "MSdevBuild@123");

Secure storage is implemented differently on each platform; the sections below show how each platform stores secure storage data on the device.

Android Device Secure Storage

Secure storage uses the Preferences API and follows the same data persistence, with a filename of

[YOUR APP Package name ID].microsoft.maui.essentials.preferences

However, data is encrypted with the Android EncryptedSharedPreferences class, and the secure storage value is encrypted with AES-256 GCM.

iOS Device Secure Storage

Keychain is used to store values securely on iOS devices. The SecRecord used to store the value has a Service value set to

[YOUR-APP-BUNDLE-ID].microsoft.maui.essentials.preferences.

Windows Device Secure Storage

DataProtectionProvider is used to encrypt values securely on Windows devices. Encrypted values are stored in ApplicationData.Current.LocalSettings, inside a container with a name of

[YOUR-APP-ID].microsoft.maui.essentials.preferences.

Read Secure Storage

The code snippets above saved a string value to secure storage. The statement below gets the value back from existing secure storage.

await SecureStorage.GetAsync("Existing save Key");

There is no option to check whether a key already exists, but you can check whether a value is there using string.IsNullOrEmpty.

string securepassword = await SecureStorage.GetAsync("UserPassword");

if(!string.IsNullOrEmpty(securepassword))
{
//Statement
}

Remove Secure Storage

Remove and RemoveAll drop secure storage keys and values. If you are handling a logout or switching to a different user, they help you clear the secure storage from your device.

Remove returns a bool as confirmation, which helps with navigation after the value has been removed.

bool isremoved = SecureStorage.Remove("UserPassword");


When a user logs out or switches to a different user, the best approach is to remove all secure storage:

SecureStorage.RemoveAll();
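
The save, read and remove calls above combined into one wrapper, as an added example that is not from the original article: it stores a small user-session object as JSON, treats a missing or unreadable entry as "not signed in", and clears storage on logout. UserSession, SessionStore, the key name and the 4096-character cap are hypothetical choices made for illustration.

```csharp
using System;
using System.Text.Json;
using System.Threading.Tasks;
using Microsoft.Maui.Storage;

// Hypothetical record for this example; only user-scoped data belongs here.
public record UserSession(string UserName, string AccessToken, DateTimeOffset ExpiresAt);

public class SessionStore
{
    private const string Key = "UserSession";  // hypothetical key name
    private const int MaxChars = 4096;         // assumed cap; the API targets small values
    private readonly ISecureStorage _storage;  // pass SecureStorage.Default in the app
    public SessionStore(ISecureStorage storage) => _storage = storage;

    public async Task SaveAsync(UserSession session)
    {
        string json = JsonSerializer.Serialize(session);
        if (json.Length > MaxChars)
            throw new ArgumentException("Too large for secure storage; use a file or SQLite.");
        await _storage.SetAsync(Key, json);
    }

    // Returns null when nothing is stored, the entry is unreadable, or it has expired.
    public async Task<UserSession?> LoadAsync()
    {
        UserSession? session = null;
        try
        {
            string? json = await _storage.GetAsync(Key);  // null when the key is absent
            if (string.IsNullOrEmpty(json))
                return null;
            session = JsonSerializer.Deserialize<UserSession>(json);
        }
        catch (Exception)
        {
            // Corrupt JSON or a platform decryption failure: fall through and discard.
        }
        if (session is null || session.ExpiresAt <= DateTimeOffset.UtcNow)
        {
            _storage.Remove(Key);  // drop stale or unreadable data, force a new sign-in
            return null;
        }
        return session;
    }

    // On logout or user switch, clear everything the app put in secure storage.
    public void Logout() => _storage.RemoveAll();
}
```

Taking ISecureStorage in the constructor lets a unit test substitute an in-memory fake for the platform store.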

iOS-Specific Secure Storage Setup

Follow the steps below only for the iOS simulator.

Secure Storage Setup for iOS Simulator

I have received this question from many of them: “I want to use Secure Storage on iOS and Android mobile phones and tablets, but I get this error message on the iOS simulator, but it works well in the Android emulator, devices and iOS devices.”

SecureStorage requires Entitlements.plist update for iOS

The above issue is common to Xamarin and MAUI. The steps below make secure storage work in the iOS simulator.

When developing on the iOS simulator, enable the Keychain entitlement and add a keychain access group for the application's bundle identifier.
Step 1: Create or open Entitlements.plist in the project and enable the Keychain entitlement. This automatically adds the application's identifier as a group.
Step 2: In the project properties, under iOS Bundle Signing, set Custom Entitlements to Entitlements.plist.


Export compliance documentation for encryption when uploading to the App Store

When you upload to the App Store, you see the Complying with Encryption Export Regulations screen. If your app only makes calls to a web service via HTTPS and uses MAUI or Xamarin Secure Storage to store secure information, you don’t need to worry about encryption export regulations: as per the Apple documentation, no documentation is required.

Complying with Encryption Export Regulations

If you follow the step below, you won’t get the above dialog next time.

Add the ITSAppUsesNonExemptEncryption key to your app’s Info.plist file with a Boolean value that indicates whether your app uses encryption. Set the value to NO if your app uses only Secure Storage and HTTPS API calls, next


Summary

The Secure Storage class is intended to store small pieces of secure storage information. If you need to locally save and retrieve more complex and structured data, a good option is to use a local database.
