none
How to convert string to SecureString? RRS feed

  • Question

  • I want to pass a string password in System.Diagnostics.Process.Start.

    The problem is that the defined password parameter is SecureString not string while my password is string.

    Normal casting evaluates to errors.

    Please how to cast string to SecureString?

    Many Thanks in Advance.

    Bishoy
    Wednesday, August 23, 2006 4:08 PM

Answers

  • try this,

    SecureString theSecureString = new SecureString();

    theSecureString.AppendChar('h');

     

    then give this object to the StartInfo.Password property:

     

    theProcessStartInfo.Password = theSecureString;

    does this help?

    Wednesday, August 23, 2006 4:34 PM
    Moderator

All replies

  • try this,

    SecureString theSecureString = new SecureString();

    theSecureString.AppendChar('h');

     

    then give this object to the StartInfo.Password property:

     

    theProcessStartInfo.Password = theSecureString;

    does this help?

    Wednesday, August 23, 2006 4:34 PM
    Moderator
  • Hi,

     

    I am trying to write a service, that would fire up Outlook window for new mail (if something happen). The service is running as Local System so i think I should call new outlook window as existing user. I have command:

    System.Diagnostics.Process.Start("mailto:someone@somewhere.com", (My.User.Name.ToString), pass, (System.DirectoryServices.ActiveDirectory.Domain.GetComputerDomain.ToString())

    where pass is secureString, build with appendChar.

    However it does not work. If i restart computer and trig my service than a wizard for creating new outlook use appear.

    Any Idea?

    Tnx!!!!

    PS, please answer in VB2005 if possible :)

    Friday, August 25, 2006 12:02 PM
  • you are best to use the ProcessStartInfo and modifying its properties appropriately and then start the process from that.

     



    Dim theStringBuilder as new StringBuilder()
    theStringBuilder.Append("someone@somewhere.com")
    Dim theSecureStringPassword as new SecureString()
    theSecureString.AppendChar('p')
    theSecureString.AppendChar('a')
    theSecureString.AppendChar('s')
    theSecureString.AppendChar('s')
     
    Dim theProcessInfo as new ProcessStartInfo()
    theProcessInfo.Username = username
    theProcessInfo.Password = theSecureStringPassword
    theProcessInfo.Domain = System.DirectoryServices.ActiveDirectory.Domain.GetComputerDomain.ToString()
     
    Process.Start(theProcessInfo)

     

    does this help?

    Friday, August 25, 2006 12:25 PM
    Moderator
  • tnx, it is ok, (small sysntax error in Line 3 - different name).

    but it does not solve my problem - later i realize, that you cannot open default mail client with adress to  and attachment.

    tnx a lot...
    Monday, August 28, 2006 12:08 PM
  • you cannot add attachments doing it this way, it has been disabled I believe by Windows for security reasons.

    As for the rest of the fields to add in your email, simply add this code with the existing one, you are already adding the TO address in the initial email address which was added/appended into the string builder:

     

    theStringBuilder.Append("&subject=this is the subject line")

    theStringBuilder.Append("&body=hello, this is the body text")

    Monday, August 28, 2006 12:18 PM
    Moderator
  • For the conversion from string to SecureString I found an easy way:

    string passwordPre = "Your String";
    char[] passwordChars = passwordPre.ToCharArray();
    SecureString password = new SecureString();
    foreach (char c in passwordChars)
    {
    password.AppendChar(c);
    }


    My problem now is how to execute a file with a user account other than the current user.
    See this for details:
    http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=673278&SiteID=1&mode=1

    Thank you.
    Bishoy
    • Proposed as answer by Patricia Kline Friday, October 7, 2011 2:55 PM
    Monday, August 28, 2006 12:55 PM
  •  Extension methods to the rescue...

            public static SecureString ToSecure(this string current)
            {
                var secure = new SecureString();
                foreach (var c in current.ToCharArray()) secure.AppendChar(c);
                return secure;
            }

    • Proposed as answer by tofutim Friday, May 14, 2010 9:23 PM
    Wednesday, November 11, 2009 10:40 PM
  • // this is the best solution!!! , like in the .net framework itself (wpf PasswordBox.Password)

          

      private SecureString _password;

            public string Password
            {
                [SecurityCritical]
                get
                {
                    string str;
                    using (SecureString str2 = this._password.Copy())
                    {
                        IntPtr s = Marshal.SecureStringToBSTR(str2);
                        try
                        {
                            str = new string((char*)s);
                        }
                        finally
                        {
                            Marshal.ZeroFreeBSTR(s);
                        }
                    }
                    return str;
                }

                [SecurityCritical]
                set
                {
                    if (value == null) value = string.Empty;

                    using (SecureString str = new SecureString())
                    {

                        var len = value.Length

                        for (int i = 0; i < len; i++)
                        {
                            str.AppendChar(value[i]);
                        }

                        this._password = str.Copy();
                    }
                }
            }

    and pass _password to ProcessStartInfo.Password

    about this line: new string((char*)s);

    you need to check allow unsafe code in the project properties for it to work,

    but i think this is the most direct way of initializing a string , since string only contains

    the pointer to the first char of the string

    and the the string's length

    anyway , you can also turn it into extension method



    • Proposed as answer by igalk474 Thursday, April 15, 2010 2:00 PM
    • Edited by igalk474 Monday, March 11, 2013 4:05 PM
    Thursday, April 15, 2010 1:47 PM
  • I know this is an old thread but still comes up in search results so here is a "one" liner code piece to add to the discussion:

    foreach (char c in "sample_password") { theSecureString.AppendChar(c); }
    

    • Edited by Garrek99 Wednesday, October 19, 2011 11:28 PM
    • Proposed as answer by _John Palmer_ Tuesday, November 5, 2013 5:58 AM
    Wednesday, October 19, 2011 11:28 PM