C#: Ask User for a Password which is then stored in a SecureString

Question

In the small application that I'm currently developing for a customer I need to ask the user for his windows login username, password and domain and then use those with System.Diagnostics.Process.Start to start an application.

I have a textbox with UseSystemPasswordChar to mask the entered password.

I need a System.Security.SecureString to feed the password to System.Diagnostics.Process.Start.

How do I convert the entered text to secure string while not doing it one character after another? Alternatively: Is there a better window control to ask the user for a password that returns the entered text as SecureString?

Answer 1

Try looking at the SecurePasswordTextBox custom control. Are you trying to do something similar to a "Run As" type command where you are trying to run the process as a different user than the one currently logged on? If not, you should be able to just call Process.Start and let it pick up the current users credentials.

Also, take a look at the following resources as well:

• CredUIPromptForCredentials
• CredUIPromptForWindowsCredentials (Vista and Server 2008)
• Microsoft Support article
• LogonUser Function
• LogonUserEx Function
• CreateProcessAsUser
• CreateProcessWithLogonW
• CreateProcessWithTokenW

The best option would probably be to use some interop p/inovke code to call CredUIPromptForCredentials to display the standard Windows dialog box and then use that information to either call Process.Start, or, more likely, call the CreateProcessAsUser function.

Answer 2

The reason the SecureString wants to accept one character at a time is that otherwise you would have the entire string before that and cause the string to be in memory. Thus, using a SecureString in this scenario kind of defeats the purpose.