Bug 44109

Summary: NetworkCredential does not convert SecureString
Product: [Mono] Class Libraries Reporter: Menno <mennodeij>
Component: SystemAssignee: Alexander Köplinger [MSFT] <alkpli>
Status: RESOLVED FIXED    
Severity: normal CC: masafa, mono-bugs+mono
Priority: High    
Version: unspecified   
Target Milestone: Untriaged   
Hardware: PC   
OS: Linux   
Tags: Is this bug a regression?: ---
Last known good build:

Description Menno 2016-09-08 13:31:26 UTC
In this file on GitHub https://github.com/mono/mono/blob/master/mcs/class/System/System.Net/NetworkCredential.cs 
the implementation does not convert the SecureString password to the decrypted Password.

Many code snippets suggest using the following to get the decrypted string from a SecureString `encrypted`:

    string decrypted = new System.Net.NetworkCredential(string.Empty, encrypted).Password;

As can be seen in the code above, this would not do anything in the Mono implementation of NetworkCredential.

Fortunately, the following works on Mono:

string decrypted;
IntPtr unmanagedString = IntPtr.Zero;
try
{
  unmanagedString = Marshal.SecureStringToGlobalAllocUnicode(encrypted);
  decrypted = Marshal.PtrToStringUni(unmanagedString);
}
finally
{
  Marshal.ZeroFreeGlobalAllocUnicode(unmanagedString);
}

It might be nice to implement this in NetworkCredential as well.
Comment 1 Marek Safar 2016-10-27 12:21:02 UTC
Another related issue https://github.com/NuGet/Home/issues/3763
Comment 2 Alexander Köplinger [MSFT] 2016-11-04 13:04:38 UTC
Fixed in Mono master/c3b6638688417bc385da743ab965f5dd6d2ed592 and mono-4.8.0-branch/f4b4f97fc8353cae364711f56ad50d11ab467049