locked
Security Credentials Delete Upon Uninstall RRS feed

  • Question

  • I am storing my log in credentials for my app in the windows security vault, but when I uninstall my app the credentials are still in the vault.

    Currently this is a problem when I uninstall the app and re-install because it opens on a different page if the app has credentials stored in the vault.

    How do I ensure that when the user uninstalls the app their credentials are deleted from the vault as well?

     
    Tuesday, August 20, 2013 8:35 PM

Answers

  • I actually came up with a way to do it. It would make more sense that Windows 8 would clear the credentials that were created by the app when its uninstalled, but it is what it is.

    I just tested my database to see if it had anything it. If it is empty, then I clear the vault in the following way upon launch of my app.

                        

    Windows.Security.Credentials.PasswordVault vault = new Windows.Security.Credentials.PasswordVault();
    IReadOnlyList<PasswordCredential> creds = vault.RetrieveAll();

    foreach (PasswordCredential c in creds)
    {
            vault.Remove(c);

    }

    • Marked as answer by GodfatherSaint Wednesday, August 21, 2013 7:28 PM
    Wednesday, August 21, 2013 1:10 PM

All replies

  • You cannot.  An app does not get to run when it is uninstalled (it is simply uninstalled).  This has to be a manual step by the user if you wish to remove them.

    Jeff Sanders (MSFT)

    @jsandersrocks - Windows Store Developer Solutions @WSDevSol
    Getting Started With Windows Azure Mobile Services development? Click here
    Getting Started With Windows Phone or Store app development? Click here
    My Team Blog: Windows Store & Phone Developer Solutions
    My Blog: Http Client Protocol Issues (and other fun stuff I support)

    Wednesday, August 21, 2013 12:04 PM
    Moderator
  • I actually came up with a way to do it. It would make more sense that Windows 8 would clear the credentials that were created by the app when its uninstalled, but it is what it is.

    I just tested my database to see if it had anything it. If it is empty, then I clear the vault in the following way upon launch of my app.

                        

    Windows.Security.Credentials.PasswordVault vault = new Windows.Security.Credentials.PasswordVault();
    IReadOnlyList<PasswordCredential> creds = vault.RetrieveAll();

    foreach (PasswordCredential c in creds)
    {
            vault.Remove(c);

    }

    • Marked as answer by GodfatherSaint Wednesday, August 21, 2013 7:28 PM
    Wednesday, August 21, 2013 1:10 PM