Solved

How to use SecureString in the model in MVC application correctly

Posted on 2016-10-18
Last Modified: 2016-11-28
I want to use SecureString as an input type for a user input password in the view model and have been looking for examples. The password is of course input via the view and posted to the server via HTTPS, where the view model is reconstructed. Does anyone here have any good examples?
Question by:itnifl
4 Comments
 
LVL 13

Accepted Solution

by:
Naman Goel earned 2000 total points
ID: 41849408
You can use SecureString for the password. Suppose we are taking the password in textbox1 and storing it in a SecureString.

When the page is accessed, there is a copy of "textbox1.text" in memory, but it is in the memory of the server side.

Usually we do not have to use SecureString in ASP.NET apps; we use Forms Authentication and SSL to secure the transmission of passwords and confidential information.


This is the HtmlHelper extension I have come up with. I am sure it can be improved, but it achieves my goal of writing a SecureString to the Response stream without it ever being represented as a string.

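using System;
using System.Runtime.InteropServices;
using System.Security;
using System.Web.Mvc;

public static class SecureStringHelpers
{
    // Writes the SecureString's characters to the view's output writer one at a time.
    // Characters are written as-is, without HTML encoding.
    public static void WriteSecureStringToResponse(this HtmlHelper helper, SecureString secureString)
    {
        if (secureString != null)
        {
            IntPtr unmanagedString = IntPtr.Zero;

            // Holds the two bytes of the current UTF-16 character.
            var secureByteArray = new byte[2];

            try
            {
                // Decrypt into an unmanaged, null-terminated UTF-16 buffer.
                unmanagedString = Marshal.SecureStringToGlobalAllocUnicode(secureString);

                var offset = 0;
                var endOfString = false;

                do
                {
                    secureByteArray[0] = Marshal.ReadByte(unmanagedString, offset);
                    offset++;
                    secureByteArray[1] = Marshal.ReadByte(unmanagedString, offset);
                    offset++;

                    // A 0x0000 code unit marks the end of the unmanaged string.
                    if (!(secureByteArray[0] == 0 && secureByteArray[1] == 0))
                    {
                        helper.ViewContext.Writer.Write(System.BitConverter.ToChar(secureByteArray, 0));
                    }
                    else
                    {
                        endOfString = true;
                    }

                } while (!endOfString);
            }
            finally
            {
                // Zero and free the unmanaged copy (if it was allocated), then clear the scratch buffer.
                if (unmanagedString != IntPtr.Zero)
                {
                    Marshal.ZeroFreeGlobalAllocUnicode(unmanagedString);
                }
                secureByteArray[0] = 0;
                secureByteArray[1] = 0;
            }
        }
    }
}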

 
LVL 2

Author Comment

by:itnifl
ID: 41849479
Thank you. Could you give me an example of how you use it?
I see it is an extension method, but how exactly does the string input end up in there, and how do I use what you write to the response stream on the controller side?
 
LVL 2

Author Comment

by:itnifl
ID: 41858598
I ended up using a string as a get-set property with code where the set property stores the value as a private secure string. Maybe not entirely the way it should be, but I guess the final result is a SecureString.
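The pattern described in the comment above, as an added example that is not code from this thread: a view model whose string setter copies the posted value into a private SecureString, plus one way to consume it without building another string. `LoginViewModel` and `DerivePasswordHash` are hypothetical names. The string created by the MVC model binder still sits in managed memory until it is garbage collected, so this only limits later copies of the password.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Security;
using System.Security.Cryptography;

// Hypothetical view model: the model binder assigns Password as a plain string,
// and the setter copies it into a private, read-only SecureString.
public class LoginViewModel
{
    private SecureString _password = new SecureString();

    public string UserName { get; set; }

    public string Password
    {
        get { return null; }   // never hand the plaintext back to the view
        set
        {
            var fresh = new SecureString();
            foreach (char c in value ?? string.Empty) fresh.AppendChar(c);
            fresh.MakeReadOnly();
            _password.Dispose();
            _password = fresh;
        }
    }

    // Derives a PBKDF2 (HMAC-SHA1) hash from the stored password.
    // salt must be at least 8 bytes. The working copies are zeroed afterwards.
    public byte[] DerivePasswordHash(byte[] salt, int iterations)
    {
        IntPtr ptr = IntPtr.Zero;
        byte[] utf16 = new byte[_password.Length * 2];
        try
        {
            // Decrypt into unmanaged memory, then copy the UTF-16 bytes out.
            ptr = Marshal.SecureStringToGlobalAllocUnicode(_password);
            Marshal.Copy(ptr, utf16, 0, utf16.Length);
            using (var kdf = new Rfc2898DeriveBytes(utf16, salt, iterations))
                return kdf.GetBytes(32);
        }
        finally
        {
            Array.Clear(utf16, 0, utf16.Length);
            if (ptr != IntPtr.Zero) Marshal.ZeroFreeGlobalAllocUnicode(ptr);
        }
    }
}
```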
 
LVL 14

Expert Comment

by:frankhelk
ID: 41903892
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.

I have recommended this question be closed as follows:

Accept: Naman Goel (https:#a41849408)

If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.

frankhelk
Experts-Exchange Cleanup Volunteer