How to convert a string to securestring explicitly
I want the text entered in the textbox to be converted to securestring in c#.
The simplest approach is to iterate over the source string and append one character at a time to the secure string, like so:
var secure = new SecureString();
foreach (char c in textbox1.Text)
{
secure.AppendChar(c);
}
Invent once and reuse lots. Create a simple extension method to extend the string base class and store it some static utilities class somewhere
using System.Security;
/// <summary>
/// Returns a Secure string from the source string
/// </summary>
/// <param name="Source"></param>
/// <returns></returns>
public static SecureString ToSecureString(this string source)
{
if (string.IsNullOrWhiteSpace(source))
return null;
else
{
SecureString result = new SecureString();
foreach (char c in source.ToCharArray())
result.AppendChar(c);
return result;
}
}
and then call as follows:
textbox1.Text.ToSecureString();
You should make the SecureString readonly. So the code should look like this:
static class SecureStringExtensions
{
public static string ToUnsecureString(this SecureString secureString)
{
if (secureString == null) throw new ArgumentNullException("secureString");
var unmanagedString = IntPtr.Zero;
try
{
unmanagedString = Marshal.SecureStringToGlobalAllocUnicode(secureString);
return Marshal.PtrToStringUni(unmanagedString);
}
finally
{
Marshal.ZeroFreeGlobalAllocUnicode(unmanagedString);
}
}
public static SecureString ToSecureString(this string unsecureString)
{
if (unsecureString == null) throw new ArgumentNullException("unsecureString");
return unsecureString.Aggregate(new SecureString(), AppendChar, MakeReadOnly);
}
private static SecureString MakeReadOnly(SecureString ss)
{
ss.MakeReadOnly();
return ss;
}
private static SecureString AppendChar(SecureString ss, char c)
{
ss.AppendChar(c);
return ss;
}
}
It may be a little late but you can convert SecureString to String this way either
using System.Security;
.
.
.
/// <summary>
/// Converts String to SecureString
/// </summary>
/// <param name="input">Input in String</param>
/// <returns>Input in SecureString</returns>
public SecureString String2SecureString(String input) {
SecureString _output = new SecureString();
input.ToCharArray().ToList().ForEach((q) => _output.AppendChar(q));
return _output;
}
although it all the same as Balazs Tihanyi's answer:
Google is your friend...
var secure = new SecureString(); foreach(char c in textbox1.Text) { secure.AppendChar(c); }
I'm supprised nobody metioned about SecureString constructor taking pointer to char array.
public static SecureString ToSecureString(this string source)
{
char[] charArray = source.ToCharArray();
unsafe
{
fixed (char* chars = charArray)
{
return new SecureString(chars, charArray.Length);
}
}
}
Note that this code only works with /unsafe
compiler option. To set this option go to project properties, Build tab and check Allow unsafe code checkbox.