SecurePasswordTextBox - A textbox that uses the SecureString class

In a previous post, I mentioned that I was working on a small side project to develop a version of a standard Winforms textbox control that utilises the SecureString class from the System.Security namespace in .Net V2. Well I have finally released this 'SecurePasswordTextBox' control for others to use and comment upon. It comes with full source code so you can see what I have done. Note that I have not done anything particularly elegant in the way it handles textual input, however its small, and works for the very brief testing I performed.

Note that this is something I have been tinkering with as I continuing to write the last chapter I have due for the upcoming 'Beginning AJAX with ASP.NET' book, hence why not too much testing has gone into it. I kind of poke around in this little pet project for a while when my head gets too full of book writing and needs a quick break.

I really wanted this for my own (yet another) personal project of moving my password manager application which I wrote way back in .Net V1.1 days (oh how I remember.....). In its new incarnation as a .net V2 app, I wanted to utilise the SecureString class to hold the password instances, but its not that easy getting text into it via a windows forms app, without using a standard form of input. None of which supports the SecureString. So, I wrote this little control.

You can download it here ( http://www.theglavs.com/DownloadItem.aspx?FileID=46 ).

I'd love to hear any feedback, or even if you just find it useful. If you happen to do any bug fixes, or have any suggestions I'd be particularly interested in those.

It doesn't come with any documentation. you simply drag it into a form and use it like a textbox. It does NOT display any textual entry, but rather uses whatever is defined in the 'PasswordChar' property field to display when you have typed a character. Ifno character is defined, then it defaults to an asterisk.

You can access the contents of whatever is input via 2 new properties.

'SecureText' - is an instance of the SecureString class with whatever data has been entered into it.
'CharacterData' - is a byte array that will return the characters held within the SecureStrig instance as a byte array. Not as safe as using the SecureString instance, but more for convenience.

The source code comes with a very minimalistic demo app to show you how to use it.

P.S. Add the control to your control toolbox to mkae things easier at design time.


8 Comments

  • Thank you Paul for sharing ;)

  • Good stuff Glav. I just started playing with the control, and notice there was an issue with over-writing selected text. You don't seem to be tracking whether text in the textbox is highlighted for an over-write, and text gets added to the SecureString even when it should have been substituted for the current string. Other than that, nice work.

  • Thanx Guys.



    As for the overwriting issue, yeah my testing is minimal so I'll have a look and fix it up. Shouldn't be too hard.



    Thx for letting me know.

  • Does this control have the functionality of preventing keylogging (anti-keylogging) ?

  • No, it currently doesn't prevent any keylogging. I dont have any immediate plans to implement this, but may do so in future if time permits -or- someone else may take this up... :-)

  • I've just downloaded and incorporated this as well. Terrific! Thanks. I have also encountered the overwriting issue, especially when I use cntl-V to paste in text.

    Thoughts as to a quick fix? erhm@flash.net

  • Unfortunately no quick fix as I haven't spent much time with the control lately. if you come up with a code fix, I'd be more than happy to incorporate it.

  • To avoid overwrite issue, I just disabled pasting from the clipboard altogether by adding this code snippet I found.

    private const int WM_PASTE = 0x0302;
    private const int WM_CONTEXTMENU = 0x7b;

    protected override void WndProc(ref Message m)
    {
    switch (m.Msg)
    {
    case WM_PASTE:
    case WM_CONTEXTMENU:
    break;
    default:
    {
    base.WndProc(ref m);
    break;
    }
    }
    }

    It also disables the right-click menu.

Comments have been disabled for this content.