#956 – PasswordBox Stores Password as a SecureString

When you use the PasswordBox control to let a user enter a password, the resulting password is stored in a SecureString.  SecureString allows storing confidential data in memory in a more secure manner than is possible with the string data type.

If the security of the string entered into a PasswordBox is important, you should avoiding converting the password into a managed type.  You can access the entered password as a SecureString using the SecurePassword property, which returns a SecureString.

You can also cause the password stored in a PasswordBox to be decrypted and stored as a string by using the Password property.  Since copying the confidential data into a managed type is not as secure as letting it remain stored on the unmanaged heap, within the SecureString, you should only use the Password property if the security of the data is not critical.

#950 – PasswordBox Allows Entering a Password

You can use a PasswordBox control to allow a user to enter a password.  The PasswordBox looks like a TextBox, but shows a uniform mask character as you type, to hide the characters that you are typing.  By default, this mask character appears as a filled circle.

In the example below, the user can enter a password into the PasswordBox.  As the user enters their password, the characters are shown using the mask character.

    <StackPanel>
        <StackPanel Orientation="Horizontal" Margin="10">
            <Label Content="Password:"/>
            <PasswordBox Name="pwbPassword"
                         Width="150" Margin="5,0"/>
        </StackPanel>
        <Button Content="Show everybody my Password"
                HorizontalAlignment="Center"
                Padding="10,5"
                Click="Button_Click"/>
    </StackPanel>

950-001
You can read the contents of a PasswordBox by reading its Password property.  This property is just a string containing the password that they entered.

        private void Button_Click(object sender, RoutedEventArgs e)
        {
            MessageBox.Show(pwbPassword.Password);
        }

950-002

#539 – Adding Text-Based Elements in Blend

You can add text-based controls to your user interface by clicking on one of the related icons on the tools panel in Blend.

If you left-click and hold on the TextBlock icon on the tools panel, or right-click, you’ll see a series of controls that you can insert by clicking on the icon at this location in the tools panel.

  • TextBlock – Displays a small amount of text.  Similar to Label, but more lightweight (e.g. can’t customize with templates)
  • TextBox – Displays some user-editable text
  • RichTextBox – Displays user-editable text and allows for more rich formatting
  • PasswordBox – Allows user to enter a password, hiding the characters entered
  • Label – Displays a small amount of text
  • FlowDocumentScrollViewer – Host a FlowDocument to display an entire document, with support for scrolling

Select the control from this list that you want and then double-click the icon on the tools panel to insert an instance into your user interface.