Using credentials based on a SecureString that is disposed

Today I was building a credential store API. One implementation against the Windows Credentials Manager (CredMan), the other one persisting information in a database. Of course the data is not persisted in clear text. I use either the MachineKey functionality or a RSA certificate based encryption.

So far so good, but I want the passwords to be secure in memory to. The .NET Framework already has a Type built in for that purpose: SecureString

The SecureString class implements the IDisposable interface and having a property in a class of that type means losing control of the destruction.

The implementation will return ICredentials instances to authenticate mostly web requests or provide proxy authentication. So I created a test to figure out how the combination of NetworkCredential and SecureString behaves.

All green – It’s possible to use a NetworkCredential object that is constructed with a SecureString even after the SecureString has been disposed.

Looking inside the credential object using redgate's Reflector reveals that NetworkCredential internally uses the copy method to clone the SecureString. When a normal string is passed to the constructor it is wrapped into a SecureString also.

Sadly the NetworkCredential class does not implement IDisposable. So the issue is carried out to the user code.

Keep in mind: When using NetworkCredential to call SecurePassword.Dispose() after the credentials aren’t required any more!

Comments are closed