Consider removing dependency on System.Security.Cryptography.ProtectedData

[m-redding]

Currently we have a dependency on version 4.7.0 of System.Security.Cryptography.ProtectedData in Packages.Data.Props. Upgrading this to 6.0.0 results in warnings, because these APIs only work on Windows operating systems, and they added these warnings in .NET 5. From what I can tell, even though we aren't getting warnings in 4.7.0, they are still not safe for use with non-Windows operating systems.

We should consider removing this dependency because it's only used in these two places:

• MsalCacheReader - which isn't used anywhere
• TestEnvironmentTests

Related

• https://github.com/chocolatey/choco/discussions/2655
• https://github.com/NuGet/Home/issues/1851
• https://github.com/dotnet/runtime/issues/22886

[jsquire]

The main reason that this assembly is used is for the local encryption of the test environment file for local runs, which is only done on Windows. I think that's what the TestFramework tests are checking. Since this is a critical part of the developer loop for most Azure SDK developers, I think we want to leave this in the test framework and ignore the warnings. @JoshLove-msft: Anything there that you disagree with?

@christothes or @schaabs would be the folks with the best insight on the MsalCacheReader.

[christothes]

I don't recall when we ever used MsalCacheReader, but it seems unreferenced as @m-redding mentioned. Seems like we could remove it.

[christothes]

Here's a PR that moves the reference to test projects only and removes it from Identity https://github.com/Azure/azure-sdk-for-net/pull/45232 . I didn't upgrade the version, this is just to validate the movement.

[m-redding]

@christothes Thank you - that would work great!