问题
In the small application that I'm currently developing for a customer I need to ask the user for his windows login username, password and domain and then use those with System.Diagnostics.Process.Start to start an application.
I have a textbox with UseSystemPasswordChar to mask the entered password.
I need a System.Security.SecureString to feed the password to System.Diagnostics.Process.Start.
How do I convert the entered text to secure string while not doing it one character after another? Alternatively: Is there a better window control to ask the user for a password that returns the entered text as SecureString?
回答1:
Try looking at the SecurePasswordTextBox custom control. Are you trying to do something similar to a "Run As" type command where you are trying to run the process as a different user than the one currently logged on? If not, you should be able to just call Process.Start and let it pick up the current users credentials.
Also, take a look at the following resources as well:
- CredUIPromptForCredentials
- CredUIPromptForWindowsCredentials (Vista and Server 2008)
- Microsoft Support article
- LogonUser Function
- LogonUserEx Function
- CreateProcessAsUser
- CreateProcessWithLogonW
- CreateProcessWithTokenW
The best option would probably be to use some interop p/inovke code to call CredUIPromptForCredentials to display the standard Windows dialog box and then use that information to either call Process.Start, or, more likely, call the CreateProcessAsUser function.
回答2:
The reason the SecureString wants to accept one character at a time is that otherwise you would have the entire string before that and cause the string to be in memory. Thus, using a SecureString in this scenario kind of defeats the purpose.
来源:https://stackoverflow.com/questions/317652/c-ask-user-for-a-password-which-is-then-stored-in-a-securestring