public void SingleProvider_SamePurpose_RoundTripsData()
        {
            // Arrange
            var dataProtectionProvider = new EphemeralDataProtectionProvider();
            var dataProtector1         = dataProtectionProvider.CreateProtector("purpose");
            var dataProtector2         = dataProtectionProvider.CreateProtector("purpose"); // should be equivalent to the previous instance

            byte[] bytes = Encoding.UTF8.GetBytes("Hello there!");

            // Act
            byte[] protectedBytes   = dataProtector1.Protect(bytes);
            byte[] unprotectedBytes = dataProtector2.Unprotect(protectedBytes);

            // Assert
            Assert.Equal(bytes, unprotectedBytes);
        }
        public void SingleProvider_DifferentPurpose_DoesNotRoundTripData()
        {
            // Arrange
            var dataProtectionProvider = new EphemeralDataProtectionProvider();
            var dataProtector1         = dataProtectionProvider.CreateProtector("purpose");
            var dataProtector2         = dataProtectionProvider.CreateProtector("different purpose");

            byte[] bytes = Encoding.UTF8.GetBytes("Hello there!");

            // Act & assert
            byte[] protectedBytes = dataProtector1.Protect(bytes);
            Assert.ThrowsAny <CryptographicException>(() =>
            {
                byte[] unprotectedBytes = dataProtector2.Unprotect(protectedBytes);
            });
        }