Geeks With Blogs
AzamSharp Some day I will know everything. I hope that day never comes.

How do you keep your confidential strings confidential? Let's say that you get the password from the user and you need to send it between different layers. It is not a good idea to pass the password around without encryption. In ASP.NET 2.0, Microsoft introduces the SecureString class, which can be used to encrypt the string. The code below shows how you can encrypt and decrypt strings.

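// These methods belong inside a class in the ClassLibrary project.
using System;
using System.Runtime.InteropServices;
using System.Security;

public static SecureString EncryptedPassword(string password)
{
    SecureString secureString = new SecureString();
    // SecureString is filled one character at a time.
    foreach (char c in password.ToCharArray())
        secureString.AppendChar(c);
    return secureString;
}

public unsafe static string DecryptSecureString(SecureString ss)
{
    IntPtr Intptr = Marshal.SecureStringToBSTR(ss);
    try
    {
        string myRegularString = Marshal.PtrToStringUni(Intptr);
        return myRegularString;
    }
    finally { Marshal.ZeroFreeBSTR(Intptr); } // zero and free the unmanaged plaintext copy
}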

Since I am using the unsafe keyword, you need to build the application with compile unsafe = true. This can be done by right-clicking the ClassLibrary project, selecting Properties, and checking the option in the build options.
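The two methods above take and return a regular string, so the password still sits in managed memory as an immutable string that cannot be wiped. The following added example (not code from the original post; the class and method names are hypothetical) shows the same round trip using char[] buffers that are zeroed after use, with the unmanaged copy released through Marshal.ZeroFreeBSTR.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Security;

public static class SecureStringExample   // hypothetical name, added for illustration
{
    // Build a SecureString from a char[] and wipe the caller's buffer afterwards.
    public static SecureString FromChars(char[] password)
    {
        SecureString secure = new SecureString();
        try
        {
            foreach (char c in password)
                secure.AppendChar(c);
            secure.MakeReadOnly();          // no further appends or edits allowed
            return secure;
        }
        catch { secure.Dispose(); throw; }
        finally { Array.Clear(password, 0, password.Length); }
    }

    // Hand the plaintext to a callback as a char[], then zero every copy made here.
    public static T UsePlaintext<T>(SecureString secure, Func<char[], T> use)
    {
        IntPtr bstr = IntPtr.Zero;
        char[] plain = new char[secure.Length];
        try
        {
            bstr = Marshal.SecureStringToBSTR(secure);   // unmanaged plaintext copy
            Marshal.Copy(bstr, plain, 0, plain.Length);  // managed, but wipeable, copy
            return use(plain);
        }
        finally
        {
            Array.Clear(plain, 0, plain.Length);
            if (bstr != IntPtr.Zero) Marshal.ZeroFreeBSTR(bstr);
        }
    }

    public static void Main()
    {
        char[] typed = { 'h', 'u', 'n', 't', 'e', 'r', '2' };  // constructed sample input
        using (SecureString pw = FromChars(typed))
        {
            int length = UsePlaintext(pw, chars => chars.Length);
            Console.WriteLine("input wiped: {0}, length seen: {1}", typed[0] == '\0', length);
        }
    }
}
```

The callback should not copy the characters into a string or a longer-lived buffer, since that copy would outlive the wipe.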


Posted on Thursday, May 25, 2006 12:43 PM

Comments on this post: Securing Confidential Strings in ASP.NET 2.0


Copyright © Mohammad Azam