CLR and Present Danger

Jeff Maxton recently pointed out an issue with Team Foundation and the Windows folder "encrypt contents" option.

Briefly, the problem is this. Suppose you want to encrypt your working folders for your Team Foundation workspace. Theoretically, you should just be able to select "Advanced..." on the containing folder's Properties dialog and check the "Encrypt contents to secure data" option. After doing this, any file you drag and drop into the folder in Windows Explorer automatically has encryption turned on. For Team Foundation, however, only the folders seem to be encrypted while the files are not.

After a bit of poking around the code with James, it became clear that the issue resided not in Team Foundation's handling of the files, but rather with the CLR. Just for fun, let's do a little interactive lab time.

  1. Create two folders on disk: "C:\encrypted" and "C:\unencrypted"
  2. Right-click on "encrypted" and select properties, then select "Advanced..." and check "Encrypt contents to secure data"; click "OK" on the advanced and properties dialogs
  3. Start up VS and run the following C# program:
    using System.IO;

    namespace ConsoleApplication1
    {
        class Program
        {
            static void Main(string[] args)
            {
                // file1 is created outside the encrypted folder, then moved into it
                File.WriteAllText(@"C:\unencrypted\file1.txt", "text");
                File.Move(@"C:\unencrypted\file1.txt", @"C:\encrypted\file1.txt");

                // file2 is created directly inside the encrypted folder
                File.WriteAllText(@"C:\encrypted\file2.txt", "text");
            }
        }
    }
  4. Now, check the properties on file1.txt and file2.txt. Note that file2 is encrypted while file1 is not.

Due to the way Team Foundation Version Control retrieves files from the server, files keep the encryption setting of the temporary directory we use for downloading. If you want to encrypt these files, you can encrypt the "TFSTemp" directory in your user temp dir. This will cause the files to be downloaded with encryption on, which they will then retain once moved to your working dirs.
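
Because moved files keep whatever encryption state they had, a working folder marked "Encrypt contents" can still hold plaintext files. The following audit is an added example, not Team Foundation code: it lists every file under a folder that lacks the Encrypted attribute and, with `--fix`, encrypts it in place. The `EfsAudit` name and the `--fix` switch are assumptions made for the example.

```csharp
using System;
using System.Collections.Generic;
using System.IO;

namespace EfsAudit   // hypothetical name, used only for this example
{
    static class Program
    {
        // Returns every file under root that does not carry the Encrypted attribute.
        static List<string> FindUnencryptedFiles(string root)
        {
            var result = new List<string>();
            foreach (string path in Directory.EnumerateFiles(root, "*", SearchOption.AllDirectories))
            {
                if ((File.GetAttributes(path) & FileAttributes.Encrypted) == 0)
                    result.Add(path);
            }
            return result;
        }

        // Assumed usage: EfsAudit.exe <folder> [--fix]
        // Exit code 0 means no plaintext file is left, 1 means at least one is.
        static int Main(string[] args)
        {
            if (args.Length < 1)
            {
                Console.Error.WriteLine("usage: EfsAudit <folder> [--fix]");
                return 2;
            }
            bool fix = args.Length > 1 && args[1] == "--fix";
            int remaining = 0;
            foreach (string path in FindUnencryptedFiles(args[0]))
            {
                if (fix)
                {
                    // File.Encrypt turns on EFS for a file that already exists.
                    try { File.Encrypt(path); Console.WriteLine("encrypted  " + path); continue; }
                    catch (Exception ex) when (ex is IOException || ex is UnauthorizedAccessException)
                    { Console.Error.WriteLine("failed     " + path + ": " + ex.Message); }
                }
                else Console.WriteLine("plaintext  " + path);
                remaining++;
            }
            return remaining == 0 ? 0 : 1;
        }
    }
}
```

Run against the lab folders above, `EfsAudit C:\encrypted` reports file1.txt and not file2.txt.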

PLEASE NOTE: This is not a thoroughly tested environment setup, and all the usual disclaimers apply. For more on Windows encryption, please check Microsoft Support.

Edit (3/16/2006): This is also true for the "Compress contents to save disk space" option.