BlackWaspTM
Home
Articles
Tutorials
FAQ

This web site uses cookies. By using the site you accept the cookie policy.This message is for compliance with the UK ICO law.

Windows Presentation Foundation
.NET 4.0+

WPF Text Input Controls - PasswordBox

by , published at http://www.blackwasp.co.uk/PasswordBox.aspx

The fifty-second part of the Windows Presentation Foundation Fundamentals tutorial describes the PasswordBox. This control permits the user to enter a password, or other secret information, in a secure manner.

PasswordBox

The PasswordBox control looks and behaves somewhat like a single-line TextBox. It permits the user to enter a small amount of plain text but without that text being displayed on the screen. Instead, a symbol is added to the control for each character in the typed text. This makes the control ideal for the entry of passwords, where the user would not want onlookers to be able to see the secret information. Additionally, the entered text is stored in a SecureString object, making it difficult to obtain the password by reading the computer's memory directly.

Many of the styling options provided by a standard TextBox are also available for PasswordBoxes. There are other similar properties too, such as MaxLength, which limits the length of the entered information. As we've seen these properties before, we'll only look at a few of the unique members of the PasswordBox control in this article.

To begin, we need a sample solution. Create a new WPF Application project in Visual Studio, naming the project, "PasswordBoxDemo". Once loaded, replace the XAML in the main window with that shown below:

<Window x:Class="PasswordBoxDemo.MainWindow"
        xmlns="http://schemas.microsoft.com/winfx/2006/xaml/presentation"
        xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml"
        Title="PasswordBox Demo"
        Height="150"
        Width="250">
    <Grid Margin="5">
        <Grid.ColumnDefinitions>
            <ColumnDefinition Width="60"/>
            <ColumnDefinition/>
        </Grid.ColumnDefinitions>
        <Grid.RowDefinitions>
            <RowDefinition/>
            <RowDefinition/>
            <RowDefinition/>
        </Grid.RowDefinitions>

        <TextBlock VerticalAlignment="Center">Logon</TextBlock>
        <TextBox Grid.Column="1" VerticalAlignment="Center"/>
        <TextBlock Grid.Row="1" VerticalAlignment="Center">Password</TextBlock>
        <PasswordBox Name="Password" Grid.Column="1" Grid.Row="1" VerticalAlignment="Center"/>
        <Button Grid.Column="1" Grid.Row="2"
                HorizontalAlignment="Right" Height="22">Logon</Button>
    </Grid>
</Window>

The above XAML defines a basic logon dialog box that requests a user's name and password. The PasswordBox control hides the information entered, displaying symbols instead of the real characters, as shown below:

WPF PasswordBox demonstration window

Obtaining the Password Securely

PasswordBox provides two properties that allow you to obtain the entered password. Ideally, you should only work with the password using a SecureString. This ensures that the information remains encrypted in memory, reducing the risk that it can be compromised. To obtain the password in this form, read the SecurePassword property.

To demonstrate, let's read the password when the Logon button is clicked. First, modify the XAML for the button to register the event:

<Button Grid.Column="1" Grid.Row="2"
        HorizontalAlignment="Right" Height="22" Click="Logon_Click">Logon</Button>

Now add the following code for the event. As we can't read the text using the SecurePassword property, this example shows the length of the entered password.

private void Logon_Click(object sender, RoutedEventArgs e)
{
    MessageBox.Show(Password.SecurePassword.Length.ToString());
}

Try running the program, entering a password and clicking the button to see the results.

Obtaining the Password as Plain Text

The second property that returns the password does so using plain text. The Password property is less secure than SecurePassword because it requires that the information be held in a standard string. This is difficult to remove from memory later so is not advisable for truly secure applications.

To demonstrate the property, update the click method code as follows, then try entering a password and clicking the button again.

private void Logon_Click(object sender, RoutedEventArgs e)
{
    MessageBox.Show(Password.Password);
}

Changing the Password Character

If you do not like the standard character that is displayed in place of the password, you can change it using the PasswordChar property. This can be set to any single character. For example, updating the PasswordBox's XAML as shown below means that a plus symbol (+) will be displayed for each character in the password:

<PasswordBox Name="Password" Grid.Column="1" Grid.Row="1" VerticalAlignment="Center"
             PasswordChar="+"/>

The resultant window appears as follows:

WPF PasswordBox with alternative password character

5 March 2014
RSS FeedTwitterGoogle+Facebook
.NET FrameworkAlgorithms and Data StructuresAudioC# ProgrammingConfigurationDebuggingDesign PatternsDocumentationGraphicsInput / OutputLINQNetwork and InternetParallel and AsynchronousPerformanceProgramming ConceptsRefactoringReference SheetsReflectionRegular ExpressionsSecuritySQL ServerSystem InformationTestingToolsVisual StudioWindows ProgrammingWindows Presentation FoundationXML
©2006-2024 BlackWasp
All Rights ReservedCookie PolicyPrivacy PolicyTerms of Use