I have an existing SecureString that I would like to put into a PasswordBox without revealing the .Password. Can this be done? For example:
tbPassword.SecurePassword = DecryptString(Properties.Settings.Default.proxyPassword);
In this case DecryptString produces a SecureString. However, SecurePassword is a read-only property so I can't assign a value to it.
你不能。
但是,您可以做的是将占位符文本放在它的位置(它甚至可以是"placeholder",我们只是使用它来制作几个点以显示在框中)。
放入占位符后,当您在程序中某处检索“当前密码”时,首先检查PasswordChanged事件是否在您输入占位符密码后触发。如果事件尚未触发,则使用旧存储的密码,如果事件已触发,则使用来自 的SecurePassword属性的当前密码PasswordBox。
很抱歉添加晚了,但对于也参与其中的人来说,这可能是一个想法。(至少我在 2021 年最终在此页面上寻找它)
查看PasswordBox的源码,我们可以看到它的属性是如何实现的。Password 属性设置器只是将 String 复制到临时 SecureString 并将其转发到其内部存储。只读的 SecurePassword 属性返回内部 SecureString 的副本,因此调用 .Clear() / .AppendChar(char) 只会更改此副本,如果尚未调用 .MakeReadonly() 。
[TemplatePart(Name = "PART_ContentHost", Type = typeof (FrameworkElement))]
public sealed class PasswordBox : Control, ITextBoxViewHost
{
public SecureString SecurePassword => this.TextContainer.GetPasswordCopy();
[DefaultValue("")]
[DesignerSerializationVisibility(DesignerSerializationVisibility.Hidden)]
public unsafe string Password
{
[SecurityCritical] get { /* left out to reduce space */ }
[SecurityCritical] set
{
if (value == null)
value = string.Empty;
// We want to replicate this, but copy a SecureString instead of creating one from a String
using (SecureString secureString = new SecureString())
{
for (int index = 0; index < value.Length; ++index)
secureString.AppendChar(value[index]);
this.SetSecurePassword(secureString);
}
}
}
}
这可能有点棘手,但调用私有 SetSecurePassword 可能最接近于绕过转换为明文以使用密码设置器:(我们制作一个临时副本,就像在 .Password 设置器中一样,因为我们不负责管理生命周期提供的 SecureString,甚至可以是只读的)
// option 1: streight reflection
var setPasswordMethod = typeof(PasswordBox).GetMethod("SetSecurePassword", BindingFlags.NonPublic | BindingFlags.Instance, null, new[] {typeof(SecureString)}, null);
using (var copy = mySecurePassword.Copy())
setPasswordMethod.Invoke(PasswordControl, new[] {copy});
// option 2: compiled delegate so reflection will only kick in once
Action<PasswordBox, SecureString> setSecurePassword = null; // this would be a cache lookup instead of a local variable.
if (setSecurePassword == null)
{
var passwordBox = Expression.Parameter(typeof(PasswordBox), "passwordBox");
var password = Expression.Parameter(typeof(SecureString), "securePassword");
//// if we want to include code for making the temporary copy in the delegate, use this instead to create its body
//var passwordCopy = Expression.Variable(typeof(SecureString));
//var makePasswordCopy = Expression.Call(password, nameof(SecureString.Copy), Type.EmptyTypes);
//var body = Expression.Block(new[] {passwordCopy},
// Expression.Assign(passwordCopy, makePasswordCopy),
// Expression.TryFinally(
// Expression.Call(passwordBox, "SetSecurePassword", Type.EmptyTypes, passwordCopy),
// Expression.Call(Expression.Convert(passwordCopy, typeof(IDisposable)),
// nameof(IDisposable.Dispose), Type.EmptyTypes)));
var body = Expression.Call(passwordBox, "SetSecurePassword", Type.EmptyTypes, password);
setSecurePassword = Expression.Lambda<Action<PasswordBox, SecureString>>(body, passwordBox, password).Compile();
}
using (var copy = mySecurePassword.Copy()) // if we would make the copy inside the delegate, we won't need to do it here.
setSecurePassword(PasswordControl, copy);
我希望这仍然可以帮助任何人。