Bug 44109 - NetworkCredential does not convert SecureString
Summary: NetworkCredential does not convert SecureString
Alias: None
Product: Class Libraries
Classification: Mono
Component: System (show other bugs)
Version: unspecified
Hardware: PC Linux
: High normal
Target Milestone: Untriaged
Assignee: Alexander Köplinger [MSFT]
Depends on:
Reported: 2016-09-08 13:31 UTC by Menno
Modified: 2016-11-04 13:04 UTC (History)
2 users (show)

See Also:
Is this bug a regression?: ---
Last known good build:


Description Menno 2016-09-08 13:31:26 UTC
In this file on GitHub https://github.com/mono/mono/blob/master/mcs/class/System/System.Net/NetworkCredential.cs 
the implementation does not convert the SecureString password to the decrypted Password.

Many code snippets suggest using the following to get the decrypted string from a SecureString `encrypted`:

    string decrypted = new System.Net.NetworkCredential(string.Empty, encrypted).Password;

As can be seen in the code above, this would not do anything in the Mono implementation of NetworkCredential.

Fortunately, the following works on Mono:

string decrypted;
IntPtr unmanagedString = IntPtr.Zero;
  unmanagedString = Marshal.SecureStringToGlobalAllocUnicode(encrypted);
  decrypted = Marshal.PtrToStringUni(unmanagedString);

It might be nice to implement this in NetworkCredential as well.
Comment 1 Marek Safar 2016-10-27 12:21:02 UTC
Another related issue https://github.com/NuGet/Home/issues/3763
Comment 2 Alexander Köplinger [MSFT] 2016-11-04 13:04:38 UTC
Fixed in Mono master/c3b6638688417bc385da743ab965f5dd6d2ed592 and mono-4.8.0-branch/f4b4f97fc8353cae364711f56ad50d11ab467049

Note You need to log in before you can comment on or make changes to this bug.