SecureString usage

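This article describes how to use the SecureString class in .NET 2.0 to store sensitive information, such as passwords or connection strings, safely in memory. It explains in detail how to set a SecureString's value character by character and provides sample code for retrieving the value from a SecureString.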


Getting and Setting a SecureString in .NET 2.0

SecureString Class
A nice new addition to the .NET 2.0 Framework is the SecureString class, which makes it safe to store sensitive information in memory (e.g. passwords, connection strings). The class takes care of encrypting this information, but it does not provide a very straightforward method for getting and setting its value.

Since the actual value of the string is NOT stored in the memory space of your process, it is not really a "managed" value, so a bit of marshaling is required to work with it.

Setting a SecureString's value
Fortunately, it is rather easy to set the value of a SecureString ... but it has to be done character by character. I assume the reason for this is that you really should not be using any transient/temporary variable to load the data into the SecureString. That would pretty much defeat its purpose. However, there will come a time when you want to set the value of the SecureString FROM another string. That much is simple:

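// Requires: using System.Security;
SecureString securePassword = new SecureString();
string insecurePassword = "password";

// Copy the managed string into the SecureString one character at a time.
foreach(char passChar in insecurePassword.ToCharArray())
{
    securePassword.AppendChar(passChar);
}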



The above code simply iterates through the characters in the string and appends them to the SecureString.

Getting a SecureString's value
It is as difficult, however, to retrieve the value from a SecureString as it was simple to set it. Since the value of the SecureString is not in the application's process space your code has to interact with it via a pointer to a BSTR:

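// Requires: using System.Runtime.InteropServices;
IntPtr passwordBSTR = IntPtr.Zero;

try {
    passwordBSTR = Marshal.SecureStringToBSTR(securePassword);
    insecurePassword = Marshal.PtrToStringBSTR(passwordBSTR);
} catch {
    insecurePassword = "";
} finally {
    // Zero and free the unmanaged BSTR; otherwise it leaks with the password still in it.
    if (passwordBSTR != IntPtr.Zero) {
        Marshal.ZeroFreeBSTR(passwordBSTR);
    }
}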


This code uses the static Marshal class to copy the value of the SecureString into a BSTR and return a pointer to it. Next, again using the Marshal class, it reads the BSTR into a managed string variable to be used at will.

Is this secure?
No ... not really. It should be apparent by now that you are taking the value out of a secure, encrypted memory location and putting it right back into an insecure, unencrypted location.

 

(from http://jasondotnet.spaces.live.com/Blog/cns!BD40DBF53845E64F!148.entry)
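The exposure described under "Is this secure?" can be narrowed by never creating a managed string at all. The following is an added example, not code from the original post: it copies the value into a pinned char[] that is wiped as soon as the caller is done with it. The helper name WithPlaintext and the sample characters are assumptions made for illustration.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Security;

static class SecureStringDemo
{
    // Hypothetical helper: hands the plaintext to 'use' as a pinned char[]
    // and wipes every plaintext copy before returning, even on exceptions.
    static void WithPlaintext(SecureString secret, Action<char[]> use)
    {
        char[] chars = new char[secret.Length];
        // Pin the buffer so the GC cannot relocate it and leave a stale copy behind.
        GCHandle pin = GCHandle.Alloc(chars, GCHandleType.Pinned);
        IntPtr unmanaged = IntPtr.Zero;
        try
        {
            unmanaged = Marshal.SecureStringToGlobalAllocUnicode(secret);
            Marshal.Copy(unmanaged, chars, 0, chars.Length);
            use(chars);
        }
        finally
        {
            Array.Clear(chars, 0, chars.Length);               // wipe the managed copy
            pin.Free();
            if (unmanaged != IntPtr.Zero)
                Marshal.ZeroFreeGlobalAllocUnicode(unmanaged); // wipe and free the unmanaged copy
        }
    }

    static void Main()
    {
        using (SecureString password = new SecureString())
        {
            // Constructed sample input; real code would append keystrokes as they arrive.
            foreach (char c in new char[] { 'p', 'a', 's', 's' })
                password.AppendChar(c);
            password.MakeReadOnly();

            WithPlaintext(password, delegate(char[] plain)
            {
                Console.WriteLine("plaintext length: " + plain.Length);
            });
        }
    }
}
```

Unlike a System.String, which is immutable and stays in memory until the garbage collector reclaims it, the char[] can be overwritten deterministically, so the plaintext exists only for the duration of the callback.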
