This tutorial will show you how to secure a string using SecureString class in C#.NET
As you know, String object is a common type of C#.NET
However when working with sensitive data, the SecureString class is more suitable.
The SecureString class is located under the System.Security namespace. A string stored in a SecureString object is kept encrypted in memory
string str = "c# code"; SecureString secureStr = new SecureString(); for (int i = 0; i < str.Length; i++) secureStr.AppendChar(str[i]); secureStr.MakeReadOnly();
Creating a SecureString is not as simple as a regular string object. SecureString is created one character at a time
IntPtr p = Marshal.SecureStringToBSTR(secureStr); string str = Marshal.PtrToStringBSTR(p); Marshal.ZeroFreeBSTR(p);
Reading a SecureString is more complex. It doesn't have the ToString method, which is also intended to keep data secure.
To read the data, the C # developer must access the data directly in memory