1

I would like to convert a SecureString to an IntPtr. Until now, in .net 4.7 I was using this way:

try
{
    IntPtr bstr1 = IntPtr.Zero;
    bstr1 = Marshal.SecureStringToBSTR(ss1);
}
finally
{
    if (bstr2 != IntPtr.Zero) Marshal.ZeroFreeBSTR(bstr2);
    if (bstr1 != IntPtr.Zero) Marshal.ZeroFreeBSTR(bstr1);
}

But I am trying to convert this project to .net standard 1.6, but the method is not available in Marshal type.

So I would like to know how to convert the SecureString to IntPtr in .net standard.

Thanks.

Álvaro García
  • 18,114
  • 30
  • 102
  • 193
  • These are Win32 API functions which, obviously, aren't available in other OSs like Linux. That's why they don't appear in .NET Standard. *Why* are you trying to use them at all though? .NET has its own [SecureString](https://www.nuget.org/packages/System.Security.SecureString/) that requires .NET Standard 1.3. The [class itself](https://msdn.microsoft.com/en-us/library/system.security.securestring.aspx) is available since .NET 2.0 – Panagiotis Kanavos Jun 14 '17 at 10:51
  • Really in this case I would like to convert the SecureString in an IntPtr to compare two SecureStrings and to know if they are the same string or not (the common task when you have to rewrite the password twice when you want to change it, for example). – Álvaro García Jun 14 '17 at 11:02
  • Rumor has it that this method will be available in .NETStandard 2.0. Fairly mysterious btw, I don't really understand why they add methods that can never work on Linux and MacOS. Then again, I don't understand why anybody would use .NETCore either when their program is so heavily married to Windows. Hopefully some day I'll figure it out. – Hans Passant Jun 14 '17 at 11:42
  • 1
    I have found that SecureStringMarshal.SecureStringToCoTaskMemAnsi() allows to do that, and there are three more methods in SecureStringMarshal the it seems to do the same. I don't know the differences between them. – Álvaro García Jun 14 '17 at 11:48
  • 1
    I found the string allocation methods in the [SecureStringMarshal](https://github.com/dotnet/coreclr/blob/e74cdcb1ed6021eaf03eea5ee7f6ba3c6b403daf/src/mscorlib/corefx/System/Security/SecureStringMarshal.CoreCLR.cs) class. The Zeroing classes should be *somewhere*. – Panagiotis Kanavos Jun 14 '17 at 11:54

0 Answers0