Protecting .NET applications that use the MVVM pattern

Model–View–ViewModel (MVVM) is a common pattern used in WPF, Xamarin, and other types of .NET applications. There are different ways to apply the MVVM pattern, but they all share a few underlying concepts. I’d like to discuss these concepts, and how to successfully configure protection with Dotfuscator for MVVM-based apps.

Please consider this basic WPF application, which displays a group of employees in a grid format:

The Model for this application is the Employee object. As with any MVVM application, the model has three characteristics: 

1.It implements INotifyPropertyChanged. 

2. Because it implements INotifyPropertyChanged, it contains an event of type PropertyChangedEventHandler.  

3. It has an OnPropertyChanged method which, in conjunction with the PropertyChanged event, is responsible for syncing the state of the object data with the user interface. 

If we look at any of the properties within Employee, we notice that they call OnPropertyChanged with a string argument containing the property name. 

This string value will be compared at runtime to the name of the property, so in my Dotfuscator config, I need to exclude such properties from Renaming. 

If I do not exclude these properties, Dotfuscator will rename them, and the string comparison will fail. That causes my Employee grid to be empty after obfuscation. 

As I mentioned earlier, there are many possible implementations of the MVVM pattern, but most of them are affected by obfuscation this same way. The property name on the Model contains a string representation of that property which is passed to OnPropertyChanged. Because of this, a rename exclusion is required in Dotfuscator. 

You may download the full example here.

If you have any feedback on this topic, or other topics you would like us to discuss in the Support Corner, please feel free to contact us at support@preemptive.com.