![]() ![]() Is why you mentioned using focus, or a "new" checkbox, correct? They act as a way to signal to the calling code that the passwordbox contains valid data? So, if I follow the approach you mention, passing a dummy "********" rather than a securestring "password" - the problem becomes identifying whether the securestring in PasswordBox.SecureText is a new password or is an encrypted copy of the dummy text. Of course, we both know this isn't how the passwordbox works.īut, that is the way I had expected it to work. Returns the same string I initialized it to, or a new password based on user input - at no time should there have been a need to deal with the actual contents of the original password's securestring. Then, when it is time to use the password, either the passwordbox The Text field would be generated based on the securestring's length property. In other words, I was looking for a simple solution that would set the current password as the secure string. However, that side effect alone doesn't really expose any sensative information, so I wasn't as concerned about it as I was with how the original password data was being supplied. To modify the existing password's data was not included intentionally. ![]() While the workaround "works" - the ability The goal of this operation was to simply identify the presense of a password consisting of N characters. The user should be allowed to enter a new password, or use the existing password as is. Thanks for the response! I originally checked the thread every day, but after a few days passed without a response, I decided that it just slipped under everyones radar and was too far gone to hope to get any feedback. Short charAsInt = Marshal.ReadInt16(passwordPtr, offset) Ĭlipboard.SetData("UnicodeText", (char)charAsInt) PasswordPtr = Marshal.SecureStringToGlobalAllocUnicode(password) įor (int offset = 0 offset < numBytes offset += UnicodeEncoding.CharSize) Private void InitPasswordBox(SecureString password) FAIL - Compiles, but SecurePassword changes are not reflected in Marshal.ZeroFreeGlobalAllocUnicode(passwordPtr) IntPtr passwordPtr = Marshal.SecureStringToGlobalAllocUnicode(password) Ĭtrl_Password.Password = Marshal.PtrToStringUni(passwordPtr) However, it requires exposing the entire password in the clear private void InitPasswordBox(SecureString password) SUCCESS - Changes are reflected in the control. Thus far, I have tried the following solutions: NET security to realize when I am doing something stupid. I opted for #1 simply because I worry I don't know enough about. Create a new control that handles my requirements in addition to the manipulation of the secure password. Create a workaround so that I can continue to use the PasswordBox.Ģ. Via a securestring and then retrieve it as a securestring before moving on - I want the client to be as ignorant to the password as possible. I simply want to assign the PasswordBox's initial state So, to make sure I haven't given the wrong idea - this has nothing to do with data binding (don't need it). Unfortunately, the PasswordBox doesn't appear to support pre-existing states - so I have had some trouble implementing this requirement (and be certain I am not doing something stupid). Just as important, it enables him to to change the informationīefore moving on. That I could assign the SecurePassword when creating PasswordBox which would give the user visibility to the fact a password was retrieved and he can continue to use it if he wants. However, I ran into a snag when I tried to integrate a login dialog so that the user could confirm their credentials before going forward. I had (incorrectly) assumed I should be able to pass the SecureStrings between components as quickly and with as little interaction as possible. Length, the client has no knowledge of the data contained in the secure string. Retrieval/storage of passwords in the credential cache, as well as the creation of the windowsidentity that is used for impersonation/SQL access. I have no need to view/access passwords in free text - so, ideally, other than knowing a password I rely on SecureStrings for this operation - from the I am working on a dialog to enable users to supply logon credentials for access to SQL in an untrusted domain.
0 Comments
Leave a Reply. |