Protected Browser Storage

[MackinnonBuck]

Summary of the changes

• Create new package AspNetCore.Components.Web.Extensions
• Migrated Protected Browser Storage from AspLabs to aspnetcore
• Wrote E2E tests
• Added safeguard against using Protected Browser Storage in WebAssembly
• Modify GetAsync to distinguish between nonexistent keys and keys that map to a default value.

Addresses #18755

public abstract class ProtectedBrowserStorage
{
   protected ProtectedBrowserStorage(string storeName, IJSRuntime jsRuntime, IDataProtectionProvider dataProtectionProvider);
   ValueTask SetAsync(string key, object value);
   ValueTask SetAsync(string purpose, string key, object value);
   ValueTask<ProtectedBrowserStorageResult<TValue>> GetAsync<TValue>(string key);
   ValueTask<ProtectedBrowserStorageResult<TValue>> GetAsync<TValue>(string purpose, string key);
   ValueTask DeleteAsync(string key);
}

public class ProtectedLocalStorage : ProtectedBrowserStorage
{
        public ProtectedLocalStorage(IJSRuntime jsRuntime, IDataProtectionProvider dataProtectionProvider)
}

public readonly struct ProtectedBrowserStorageResult<T>
{
        public bool Success { get; }

        [MaybeNull]
        [AllowNull]
        public T Value { get; }
}

[SteveSandersonMS]

This looks great to me. Nice one @MackinnonBuck!

I'm happy to approve now, but @pranavkm left a bunch of good comments to be addressed before merging. Also I left a couple of suggestions.

[javiercn]

Looks great!

The only piece of feedback that I have is the same as the one about not needing the JS file.

[pranavkm]

This looks great. I'd like to get @javiercn's opinion on the data protection caching.

[ghost]

Thank you for submitting this for API review. This will be reviewed by @dotnet/aspnet-api-review at the next meeting of the ASP.NET Core API Review group. Please ensure you take a look at the API review process documentation and ensure that:

• The PR contains changes to the reference-assembly that describe the API change. Or, you have included a snippet of reference-assembly-style code that illustrates the API change.
• The PR describes the impact to users, both positive (useful new APIs) and negative (breaking changes).
• Someone is assigned to "champion" this change in the meeting, and they understand the impact and design of the change.

[pranavkm]

@Pilchie @MackinnonBuck tried to add a project using VS and it changed quite a few GUIDs and version numbers. I think he had to use VS (vs dotnet sln add) to create solution folders. Any idea why VS is producing so much diff?

[Pilchie]

Ah - one of those guids is "original C# project guid, so please autodetect whether to use the old project system, or the new SDK project system", and the other is "force use of the new project system".

I forget which is which, but I think the 9A19103F is the original guid, which VS seems to prefer.

It seems that dotnet sln add uses the FAE04EC0 one to force to the new project system though.

@davkean - does that match your understanding?

If so, we should probably just update them all, and file an issue on dotnet/sdk to change dotnet sln add to use the 9A19103F

[pranavkm]

• Make the derived types sealed. Also consider declaring the protected ProtectedBrowserStorage ctor as private protected
• purpose -> protectionPurpose. Also move it to the end of the parameter list e.g:

ValueTask SetAsync(string key, object value);
ValueTask SetAsync(string key, object value, string protectionPurpose);

[SteveSandersonMS]

Open question: could we drop the "purpose" parameter altogether and have the framework auto-create a purpose from "key"?

We were concerned that having any developer control over "purpose" risks confusing people. For example it might look as if each "purpose" is a separate key-value collection so you could use the same key multiple times with different purposes, when in fact they would overwrite each other.

[pranavkm]

I was about to draft an email to @GrabYourPitchforks and @javiercn since they had previously commented on this PR. One of the scenarios where an additional purpose might be useful is if there's a server secret that you do not want to send to the browser (for instance something like the user id).

[GrabYourPitchforks]

Feel free to shoot an email or set up a video chat. :)