How to convert string into Secure string in C#
By FoxLearn 3/5/2025 9:25:27 AM 732
Importantly, SecureString
objects are automatically erased from memory when no longer needed, minimizing exposure to potential security threats.
Here's an extension method in C# that constructs a SecureString
from a plain string
// c# convert string to securestring public static class SecureStringExtensions { // c# extension method to convert string to SecureString public static SecureString ToSecureString(this string plainString) { if (plainString == null) throw new ArgumentNullException(nameof(plainString)); // convert string to securestring c# SecureString secureString = new SecureString(); foreach (char c in plainString) secureString.AppendChar(c); // make the SecureString immutable secureString.MakeReadOnly(); return secureString; // c# securestring } }
You can easily call SecureString
directly on the string.
// c# string to securestring string password = "mySecurePassword123"; SecureString securePassword = password.ToSecureString(); // c# string to secure string // Ensure the SecureString is cleared from memory when no longer needed securePassword.Dispose();
The SecureStringExtensions
is a static class contains an extension method ToSecureString that extends the functionality of the string type.
Use the ToSecureString
extension method takes a plain string as input and converts it into a SecureString. It iterates over each character in the input string and appends it to the SecureString.
If you want to convert a secure string into a normal plain text string you can use NetworkCredential
in C#
string plainString = new System.Net.NetworkCredential(string.Empty, securePassword).Password;
- How to use JsonConverterFactory in C#
- How to serialize non-public properties using System.Text.Json
- The JSON value could not be converted to System.DateTime
- Try/finally with no catch block in C#
- Parsing a DateTime from a string in C#
- Async/Await with a Func delegate in C#
- How to batch read with Threading.ChannelReader in C#
- How to ignore JSON deserialization errors in C#