{"id":23,"date":"2011-04-11T17:56:20","date_gmt":"2011-04-11T21:56:20","guid":{"rendered":"http:\/\/griffinscs.wordpress.com\/?p=23"},"modified":"2011-04-11T17:56:20","modified_gmt":"2011-04-11T21:56:20","slug":"securestring-soup-to-nuts-part-ii","status":"publish","type":"post","link":"https:\/\/brainslug.azurewebsites.net\/?p=23","title":{"rendered":"SecureString: Soup to Nuts, Part II"},"content":{"rendered":"<p>My last post, <a href=\"\/blog\/?p=12\">SecureString: Soup to Nuts, Part I<\/a>, dealt with some basic rules around using the SecureString class in .NET and how to prepare the secret stored inside for persistence, without exposing the clear text to a CLR type.\u00a0 In the second part, I'm going to discuss my solution for maintaining SecureString best practices, without sacrificing our MVVM design principles.\u00a0 The XAML and code provided are for WPF, but they apply to Silverlight as well, with minimal tinkering.<\/p>\n<p>First, let's talk about <a href=\"http:\/\/msdn.microsoft.com\/en-us\/library\/system.windows.controls.passwordbox.aspx\">PasswordBox<\/a>.\u00a0 The PasswordBox was designed to obscure the user-entered text, both visually and in memory.\u00a0 That is to say, visually, it's much like the old Windows Forms MaskedTextBox, except it's specifically designed for secret data, and will only expose said secret in a clear text string if asked to do so, via the <a href=\"http:\/\/msdn.microsoft.com\/en-us\/library\/system.windows.controls.passwordbox.password.aspx\">Password<\/a> property.\u00a0 It's important to understand that the\u00a0Password property is only a helper that accesses the encrypted data member.\u00a0 For this reason, it is not exposed as a <a href=\"http:\/\/msdn.microsoft.com\/en-us\/library\/system.windows.dependencyproperty.aspx\">DependencyProperty<\/a>.\u00a0 This is a source of frustration to developers who have no designs on a SecureString solution.\u00a0 Alas, there's no pleasing everyone, and a Password 
DependencyProperty would make an acceptable SecureString implementation impossible with PasswordBox.\u00a0 If you Google \"PasswordBox MVVM\" (without the quotes), you will find that the generally accepted solution for the CLR string camp makes use of an attached property to expose a CLR string for binding.\u00a0 This effectively takes the MaskedTextBox functionality of PasswordBox and passes on its memory security.<\/p>\n<p>We want an MVVM solution that hands us a SecureString, so let's look at the <a href=\"http:\/\/msdn.microsoft.com\/en-us\/library\/system.windows.controls.passwordbox.securepassword.aspx\">SecurePassword<\/a> property.\u00a0 More frustration, as this is also not a DependencyProperty.\u00a0 Before you go angrily writing an attached property to expose the SecureString, understand that this is by design, not neglect.\u00a0 The first commandment of SecureString is to dispose of it when you're finished, right?\u00a0 The SecurePassword property gives us a SecureString to use one time and then dispose of.<\/p>\n<p>The MVVM way to do this is now staring us in the face.\u00a0 We need to bind the event we're going to use to execute our users' credentials to an <a href=\"http:\/\/msdn.microsoft.com\/en-us\/library\/ms616869\">ICommand<\/a>.<\/p>\n<pre class=\"brush: xml; \">\n\n&lt;PasswordBox x:Name=&quot;_passwordBox&quot; ...&gt;\n        \u2026\n        &lt;PasswordBox.InputBindings&gt;\n                &lt;KeyBinding Key=&quot;Enter&quot; Command=&quot;{Binding ExecuteCredentialsCommand}&quot;\n                            CommandParameter=&quot;{Binding ElementName=_passwordBox}&quot; \/&gt;\n        &lt;\/PasswordBox.InputBindings&gt;\n&lt;\/PasswordBox&gt;\n&lt;Button Content=&quot;Login Button Text&quot; \u2026\n        Command=&quot;{Binding ExecuteCredentialsCommand}&quot;\n        CommandParameter=&quot;{Binding ElementName=_passwordBox}&quot;\/&gt;\n<\/pre>\n<p>In this example's ViewModel, I'm using <a 
href=\"http:\/\/compositewpf.codeplex.com\/\">Prism<\/a>'s <a href=\"http:\/\/msdn.microsoft.com\/en-us\/library\/gg431410%28v=PandP.40%29.aspx\">DelegateCommand<\/a> implementation of ICommand.<\/p>\n<pre class=\"brush: csharp; \">\n\npublic ViewModelClassConstructor(IRegionManager regionManager,\n\tIProxyDataProvider dataProvider)\n{\n\t\/\/ DelegateCommand&lt;object&gt; is the Prism variant whose delegates receive the CommandParameter\n\tExecuteCredentialsCommand = new DelegateCommand&lt;object&gt;(\n\t\/\/execute method\n\tdelegate(object parameter)\n\t{\n\t\tSecureString securePassword = parameter as SecureString;\n\t\tif (parameter is PasswordBox)\n\t\t\tsecurePassword = ((PasswordBox)parameter).SecurePassword;\n\t\ttry\n\t\t{\n\t\t\t\/\/authentication\/persistence model code\n\t\t}\n\t\tfinally\n\t\t{\n\t\t\t\/\/ parameter may be neither a SecureString nor a PasswordBox\n\t\t\tif (securePassword != null)\n\t\t\t\tsecurePassword.Dispose();\n\t\t}\n\t},\n\t\/\/can execute method\n\tdelegate(object parameter)\n\t{\n\t\tSecureString securePassword = parameter as SecureString;\n\t\tPasswordBox passwordBox = parameter as PasswordBox;\n\t\tif (passwordBox != null)\n\t\t\tsecurePassword = passwordBox.SecurePassword;\n\t\ttry\n\t\t{\n\t\t\treturn securePassword != null &amp;&amp; securePassword.Length &gt; 0 &amp;&amp;\n\t\t\t\t!string.IsNullOrEmpty(UserName);\n\t\t}\n\t\tfinally\n\t\t{\n\t\t\t\/\/ SecurePassword hands back a copy; dispose only the copy made here\n\t\t\tif (passwordBox != null &amp;&amp; securePassword != null)\n\t\t\t\tsecurePassword.Dispose();\n\t\t}\n\t});\n\tCredentialsChangedCommand = new DelegateCommand(\n\tdelegate\n\t{\n\t\tExecuteCredentialsCommand.RaiseCanExecuteChanged();\n\t});\n}\n\npublic DelegateCommand&lt;object&gt; ExecuteCredentialsCommand { get; private set; }\npublic DelegateCommand CredentialsChangedCommand { get; private set; }\n\n<\/pre>\n<p>There you have it.  With the code from the previous entry, you can generate a nice authentication prompt with password persistence, without sacrificing memory security or your MVVM design.  I hope this has been a helpful guide.  
Please leave a comment if you liked it, have something you'd like to share, or if you thought it could have been more comprehensive.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>My last post, SecureString: Soup to Nuts, Part I, dealt with some basic rules around using the SecureString class in .NET and how to prepare the secret stored inside for persistence, without exposing the clear text to a CLR type.\u00a0 In the second part, I&#8217;m going to discuss my solution for maintaining SecureString best practices, [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[3,1],"tags":[6,33,39,47,48,49,59,62],"_links":{"self":[{"href":"https:\/\/brainslug.azurewebsites.net\/index.php?rest_route=\/wp\/v2\/posts\/23"}],"collection":[{"href":"https:\/\/brainslug.azurewebsites.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/brainslug.azurewebsites.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/brainslug.azurewebsites.net\/index.php?rest_route=\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/brainslug.azurewebsites.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=23"}],"version-history":[{"count":0,"href":"https:\/\/brainslug.azurewebsites.net\/index.php?rest_route=\/wp\/v2\/posts\/23\/revisions"}],"wp:attachment":[{"href":"https:\/\/brainslug.azurewebsites.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=23"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/brainslug.azurewebsites.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=23"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/brainslug.azurewebsites.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=23"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}