Click here to Skip to main content
15,896,606 members
Search within:


Articles / Desktop Programming / WPF
 

Passwords in WPF: How to find yours and how to prevent it being found

Rate me:
Please Sign up or sign in to vote.
4.21/5 (23 votes)
23 Nov 2008CPOL4 min read 77.9K   986   31  
How I can find your password and how to prevent it.
 
/*
SecurePasswordBox class

History:
29-09-08    1.0 First version

Visit http://blogs.ugidotnet.org/leonardo for updates
*/

using System.Windows.Controls;

namespace SecureWpfLogOn
{
    /// <summary>
    /// More secure PasswordBox based on TextBox control
    /// </summary>
    public class SecurePasswordBox : TextBox
    {
        // Fake char to display in Visual Tree
        private char PWD_CHAR = '●';

        /// <summary>
        /// Only copy of real password
        /// </summary>
        /// <remarks>For more security use System.Security.SecureString type instead</remarks>
        private string _password = string.Empty;

        /// <summary>
        /// TextChanged event handler for secure storing of password into Visual Tree,
        /// text is replaced with PWD_CHAR chars, clean text is keept into
        /// Text property (CLR property not snoopable without mod)   
        /// </summary>
        protected override void OnTextChanged(TextChangedEventArgs e)
        {
            if (dirtyBaseText == true)
                return;

            string currentText = this.BaseText;

            int selStart = this.SelectionStart;
            if (currentText.Length < _password.Length)
            {
                // Remove deleted chars          
                _password = _password.Remove(selStart, _password.Length - currentText.Length);
            }
            if (!string.IsNullOrEmpty(currentText))
            {
                for (int i = 0; i < currentText.Length; i++)
                {
                    if (currentText[i] != PWD_CHAR)
                    {
                        // Replace or insert char
                        if (this.BaseText.Length == _password.Length)
                        {
                            _password = _password.Remove(i, 1).Insert(i, currentText[i].ToString());
                        }
                        else
                        {
                            _password = _password.Insert(i, currentText[i].ToString());
                        }
                    }
                }
                this.BaseText = new string(PWD_CHAR, _password.Length);
                this.SelectionStart = selStart;
            }
            base.OnTextChanged(e);
        }

        // flag used to bypass OnTextChanged
        private bool dirtyBaseText;

        /// <summary>
        /// Provide access to base.Text without call OnTextChanged 
        /// </summary>
        private string BaseText
        {
            get { return base.Text; }
            set
            {
                dirtyBaseText = true;
                base.Text = value;
                dirtyBaseText = false;
            }
        }

        /// <summary>
        /// Clean Password
        /// </summary>
        public new string Text
        {
            get { return _password; }
            set
            {
                _password = value;
                this.BaseText = new string(PWD_CHAR, value.Length);
            }
        }
    }
}

By viewing downloads associated with this article you agree to the Terms of Service and the article's licence.

If a file you wish to view isn't highlighted, and is a text file (not binary), please let us know and we'll add colourisation support for it.

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


Written By
Leonardo T.
Other
Italy Italy
Software Researcher at the University of Parma (Italy)

Comments and Discussions

Permalink
Advertise
Privacy
Cookies
Terms of Use
Layout: fixed | fluid

Posted 14 Nov 2008

Article Copyright 2008 by Leonardo T.
Everything else Copyright © CodeProject, 1999-2024

Web01 2.8:2024-04-02:1