Securing Confidential Strings in ASP.NET 2.0

How do you keep your confidential strings confidential? Let's say that you get a password from the user and need to pass it between different layers. It is not a good idea to pass the password around without encryption. In ASP.NET 2.0 Microsoft introduces the SecureString class, which can be used to encrypt the string. The code below shows how you can encrypt and decrypt strings.

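using System;
using System.Runtime.InteropServices;
using System.Security;

// Copies the password into a SecureString one character at a time.
public static SecureString EncryptedPassword(string password)
{
    SecureString secureString = new SecureString();

    foreach (char c in password.ToCharArray())
    {
        secureString.AppendChar(c);
    }

    return secureString;
}

// Decrypts the SecureString back into a regular managed string.
// The returned string is ordinary managed memory: it stays in plaintext
// until the garbage collector reclaims it and cannot be wiped by the caller.
public unsafe static string DecryptSecureString(SecureString ss)
{
    // SecureStringToBSTR allocates an unmanaged, decrypted copy of the string.
    IntPtr Intptr = Marshal.SecureStringToBSTR(ss);
    try
    {
        string myRegularString = Marshal.PtrToStringUni(Intptr);
        return myRegularString;
    }
    finally
    {
        // Zero and free the unmanaged copy so the plaintext does not linger there.
        Marshal.ZeroFreeBSTR(Intptr);
    }
}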

Since I am using the unsafe keyword, you need to build the application with compile unsafe = true. This can be done by right-clicking on the ClassLibrary project, selecting Properties, and checking the option in the build options.
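
An added example, not part of the original post: a way to consume a SecureString without turning it into a managed string, by copying the decrypted characters into a pinned byte array, hashing them, and wiping both copies. The class and method names (SecureStringDemo, Sha256OfSecureString) and the sample password are hypothetical and constructed for illustration.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Security;
using System.Security.Cryptography;

public static class SecureStringDemo
{
    // Hypothetical helper: SHA-256 over the UTF-16 bytes of a SecureString,
    // without ever creating a managed System.String.
    public static byte[] Sha256OfSecureString(SecureString ss)
    {
        if (ss == null) throw new ArgumentNullException("ss");

        IntPtr bstr = IntPtr.Zero;
        byte[] plain = new byte[ss.Length * 2];   // UTF-16: two bytes per char
        // Pin the buffer so the GC cannot relocate it and leave a stale copy behind.
        GCHandle pin = GCHandle.Alloc(plain, GCHandleType.Pinned);
        try
        {
            bstr = Marshal.SecureStringToBSTR(ss); // decrypted unmanaged copy
            Marshal.Copy(bstr, plain, 0, plain.Length);
            using (SHA256 sha = SHA256.Create())
            {
                return sha.ComputeHash(plain);
            }
        }
        finally
        {
            Array.Clear(plain, 0, plain.Length);   // wipe the managed plaintext bytes
            pin.Free();
            if (bstr != IntPtr.Zero) Marshal.ZeroFreeBSTR(bstr); // wipe and free the BSTR
        }
    }

    public static void Main()
    {
        // Constructed sample input; a real application appends each character
        // as the user types it, so the password never exists as a string.
        using (SecureString ss = new SecureString())
        {
            foreach (char c in new char[] { 's', '3', 'c', 'r', '3', 't' }) ss.AppendChar(c);
            ss.MakeReadOnly();
            Console.WriteLine(BitConverter.ToString(Sha256OfSecureString(ss)));
        }
    }
}
```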


Posted @ Thursday, May 25, 2006 12:43 PM
