C#: Ask User for a Password which is then stored in a SecureString
In the small application that I'm currently developing for a customer I need to ask the user for his windows login username, password and domain and then use those with System.Diagnostics.Process.Start to start an application.
I have a textbox with UseSystemPasswordChar to mask the entered password.
I need a System.Security.SecureString to feed the password to System.Diagnostics.Process.Start.
How do I convert the entered text to secure string while not doing it one character after another? Alternatively: Is there a better window control to ask the user for a password that returns the entered text as SecureString?
Try looking at the SecurePasswordTextBox custom control. Are you trying to do something similar to a "Run As" type command where you are trying to run the process as a different user than the one currently logged on? If not, you should be able to just call Process.Start and let it pick up the current users credentials.
Also, take a look at the following resources as well:
- CredUIPromptForWindowsCredentials (Vista and Server 2008)
- Microsoft Support article
- LogonUser Function
- LogonUserEx Function
The best option would probably be to use some interop p/inovke code to call CredUIPromptForCredentials to display the standard Windows dialog box and then use that information to either call Process.Start, or, more likely, call the CreateProcessAsUser function.
The reason the SecureString wants to accept one character at a time is that otherwise you would have the entire string before that and cause the string to be in memory. Thus, using a SecureString in this scenario kind of defeats the purpose.