This repository was archived by the owner on Dec 13, 2018. It is now read-only.
ITlsTokenBindingFeature represents a new TLS extension where clients can use their TPM to generate a stable machine ID and include that on each TLS handshake. The server can then use this to bind encrypted cookies to that machine ID (across TLS sessions), preventing them from being exported by malware for use on another device. WebListener, IIS, and IE currently support this on Win10+.
Logic: Per request, if ITlsTokenBindingFeature is present and GetProvidedTokenBindingId returns a value, base64 encode the bytes into a string and call IDataProtector.CreateProtector to create a sub-dataprotector that is client specific. Note this should only be used to encrypt cookies that are Secure/https only. You wouldn't be able to decrypt the cookie if it came back over a plain http connection.
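The per-request logic described above, sketched as an added example that is not code from this repository: it derives a client-specific sub-protector from the provided token binding ID and treats a failed decrypt as an absent cookie. The class and method names are hypothetical, and falling back to the unbound base protector for clients without token binding is an assumption of this sketch.

```csharp
using System;
using System.Security.Cryptography;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Http.Features;

// Hypothetical helper (added example): selects the protector for cookie payloads.
public static class TokenBoundCookieProtection
{
    // Returns a sub-protector keyed to the client's provided token binding ID,
    // or the base protector when no binding is available (assumed fallback).
    public static IDataProtector GetProtector(HttpContext context, IDataProtector baseProtector)
    {
        // The ID only exists on a TLS connection, so never bind on plain HTTP.
        if (!context.Request.IsHttps)
        {
            return baseProtector;
        }

        var feature = context.Features.Get<ITlsTokenBindingFeature>();
        byte[] bindingId = feature?.GetProvidedTokenBindingId();
        if (bindingId == null || bindingId.Length == 0)
        {
            return baseProtector;
        }

        // The base64 ID is used as the purpose string, so ciphertext produced
        // for one client ID cannot be unprotected under another ID or under
        // the base protector.
        return baseProtector.CreateProtector(Convert.ToBase64String(bindingId));
    }

    public static string Protect(HttpContext context, IDataProtector baseProtector, string value)
        => GetProtector(context, baseProtector).Protect(value);

    // A cookie replayed from another machine, or returned over plain HTTP,
    // fails here and is reported as missing instead of throwing.
    public static bool TryUnprotect(HttpContext context, IDataProtector baseProtector,
        string protectedValue, out string value)
    {
        try
        {
            value = GetProtector(context, baseProtector).Unprotect(protectedValue);
            return true;
        }
        catch (CryptographicException)
        {
            value = null;
            return false;
        }
    }
}
```

Cookies written through this helper should also be issued with `CookieOptions.Secure = true`, matching the note above that only Secure/https cookies can be bound.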