Pre load System.Security.Cryptography.ProtectedData assembly on Windows PowerShell.

Author: peombwa

Repo.props

@@ -0,0 +1,9 @@
+
+<Project>
+    <PropertyGroup>
+      <RepoRoot>$(MSBuildThisFileDirectory)</RepoRoot>
+      <RepoSrc>$(RepoRoot)src/</RepoSrc>
+      <RepoArtifacts>$(RepoRoot)artifacts/</RepoArtifacts>
+      <RepoTools>$(RepoRoot)tools/</RepoTools>
+    </PropertyGroup>
+  </Project>

src/Authentication/Authentication/Helpers/AuthenticationHelpers.cs

@@ -67,7 +67,7 @@ private static void ConfigureTokenCache(ITokenCache tokenCache, string tokenCach
                 lock (FileLock)
                 {
                     args.TokenCache.DeserializeMsalV3(File.Exists(tokenCachePath)
-                        ? File.ReadAllBytes(tokenCachePath)
+                        ? TokenCryptoHelpers.DecryptToken(File.ReadAllBytes(tokenCachePath))
                         : null,
                         shouldClearExistingCache: true);
                 }
@@ -78,7 +78,7 @@ private static void ConfigureTokenCache(ITokenCache tokenCache, string tokenCach
                 {
                     if (args.HasStateChanged)
                     {
-                        File.WriteAllBytes(tokenCachePath, args.TokenCache.SerializeMsalV3());
+                        File.WriteAllBytes(tokenCachePath, TokenCryptoHelpers.EncryptToken(args.TokenCache.SerializeMsalV3()));
                     }
                 }
             });

src/Authentication/Authentication/Helpers/TokenCryptoHelpers.cs

@@ -0,0 +1,38 @@
+// ------------------------------------------------------------------------------
+//  Copyright (c) Microsoft Corporation.  All Rights Reserved.  Licensed under the MIT License.  See License in the project root for license information.
+// ------------------------------------------------------------------------------
+namespace Microsoft.Graph.PowerShell.Authentication.Helpers
+{
+    using System;
+    using System.Security.Cryptography;
+
+    /// <summary>
+    /// Helper class to handle token encryption and decryption.
+    /// </summary>
+    internal static class TokenCryptoHelpers
+    {
+        /// <summary>
+        /// Encrypts the passed buffer based on the host platform.
+        /// </summary>
+        /// <param name="buffer">A <see cref="byte[]"/> to encrypt.</param>
+        /// <returns>An encrypted <see cref="byte[]"/>.</returns>
+        public static byte[] EncryptToken(byte[] buffer)
+        {
+            if (Environment.OSVersion.Platform == PlatformID.Win32NT)
+                return ProtectedData.Protect(buffer, null, DataProtectionScope.CurrentUser);
+            return buffer;
+        }
+
+        /// <summary>
+        /// Decrypts the passed buffer based on the host platform.
+        /// </summary>
+        /// <param name="buffer">A <see cref="byte[]"/> to decrypt.</param>
+        /// <returns>An decrypted <see cref="byte[]"/>.</returns>
+        public static byte[] DecryptToken(byte[] buffer)
+        {
+            if (Environment.OSVersion.Platform == PlatformID.Win32NT)
+                return ProtectedData.Unprotect(buffer, null, DataProtectionScope.CurrentUser);
+            return buffer;
+        }
+    }
+}

src/Authentication/Authentication/Microsoft.Graph.Authentication.csproj

@@ -1,5 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
+  <Import Project="$(MSBuildThisFileDirectory)..\..\..\Repo.props" />
+  
   <PropertyGroup>
     <Version>0.0.1</Version>
     <LangVersion>7.1</LangVersion>
@@ -16,11 +18,20 @@
     <WarningsAsErrors />
     <NuspecFile>Microsoft.Graph.Authentication.nuspec</NuspecFile>
   </PropertyGroup>
+  
+  <ItemGroup>
+    <PreLoadAssemblies Include="$(RepoTools)lib\System.Security.Cryptography.ProtectedData.dll" />
+  </ItemGroup>
 
   <ItemGroup>
     <PackageReference Include="Microsoft.Graph.Auth" Version="1.0.0-preview.2" />
     <PackageReference Include="Microsoft.Graph.Core" Version="1.18.0" />
     <PackageReference Include="Microsoft.Identity.Client" Version="4.5.1" />
     <PackageReference Include="PowerShellStandard.Library" Version="5.1.0" />
+    <PackageReference Include="System.Security.Cryptography.ProtectedData" Version="4.7.0" />
   </ItemGroup>
+
+  <Target Name="CopyFiles" AfterTargets="Build">
+    <Copy SourceFiles="@(PreLoadAssemblies)" DestinationFolder="$(TargetDir)\PreloadAssemblies" />
+  </Target>
 </Project>

src/Authentication/Authentication/Microsoft.Graph.Authentication.nuspec

@@ -1,7 +1,7 @@
 <?xml version="1.0"?>
 <package>
   <metadata>
-    <version>0.1.4</version>
+    <version>0.1.6</version>
     <id>Microsoft.Graph.Authentication</id>
     <description>Microsoft Graph PowerShell authentication module</description>
     <authors>Microsoft</authors>
@@ -18,12 +18,14 @@
   </metadata>
   <files>
     <file src="Microsoft.Graph.Authentication.psd1" />
+    <file src="Microsoft.Graph.Authentication.psm1" />
     <!--<file src="Graph.Authentication.psm1" />-->
     <!-- https://github.com/NuGet/Home/issues/3584 -->
     <file src="bin/Microsoft.Graph.Authentication.dll" target="bin" />
     <file src="bin/Microsoft.Graph.Authentication.deps.json" target="bin" />
     <file src="bin/Microsoft.Graph.Auth.dll" target="bin" />
     <file src="bin/Microsoft.Graph.Core.dll" target="bin" />
     <file src="bin/Microsoft.Identity.Client.dll" target="bin" />
+    <file src="bin/PreloadAssemblies/System.Security.Cryptography.ProtectedData.dll" target="bin/PreloadAssemblies" />
   </files>
 </package>

src/Authentication/Authentication/Microsoft.Graph.Authentication.psd1

@@ -3,16 +3,16 @@
 #
 # Generated by: Microsoft
 #
-# Generated on: 12/12/2019
+# Generated on: 2/3/2020
 #
 
 @{
 
 # Script module or binary module file associated with this manifest.
-RootModule = '.\bin\Microsoft.Graph.Authentication.dll'
+RootModule = './Microsoft.Graph.Authentication.psm1'
 
 # Version number of this module.
-ModuleVersion = '0.1.4'
+ModuleVersion = '0.1.6'
 
 # Supported PSEditions
 CompatiblePSEditions = 'Core', 'Desktop'

src/Authentication/Authentication/Microsoft.Graph.Authentication.psm1

@@ -0,0 +1,13 @@
+# Load dependencies
+$preloadPath = (Join-Path $PSScriptRoot -ChildPath ".\bin\PreloadAssemblies")
+if ($PSEdition -eq 'Desktop' -and (Test-Path $preloadPath -ErrorAction Ignore)) {
+    try {
+        Get-ChildItem -ErrorAction Stop -Path $preloadPath -Filter "*.dll" | ForEach-Object {
+            Add-Type -Path $_.FullName -ErrorAction Ignore | Out-Null
+        }
+    }
+    catch { }
+}
+
+# Load the module dll
+$null = Import-Module -Name (Join-Path $PSScriptRoot '.\bin\Microsoft.Graph.Authentication.dll')