DEVHIDE
Login Or Sign up

PasswordBox PasswordHelper multibinding

815 Views Asked by At

In WPF the Password property of a PasswordBox is not a DependencyProperty so I can't bind to it directly. As a workaround I am using this PasswordHelper from https://www.wpftutorial.net/PasswordBox.html which attaches a PasswordHelper.Password to the PasswordBox so I can bind to it.

To prevent the password from staying in the DataContext as plain text I would like to use a converter which generates a salted hash of the password before saving it to the DataContext. As I need to save both the salt and the salted hash to the DataContext I am using a MultiBinding and a IMultiValueConverter converter StringToSaltedHashConverter.

My problem is that the Password and PasswordSalt properties of my DataContext are not getting updated when I fill the PasswordBox. I have checked with Snoop and both the Password and PasswordHelper.Password properties of the PasswordBoxare changing accordingly to what I type. Also my StringToSaltedHashConverter is being called and I am returning the correct values.

I have some other bindings on this form (username, first name, last name, gender...) and they all work fine. This is the only one that is not updating.

¿Why is my DataContext not getting updated?

XAML:

<PasswordBox x:Name="Password"
             Style="{DynamicResource PasswordBoxStyle1}"
             local:PasswordHelper.Attach="True">
    <local:PasswordHelper.Password>
        <MultiBinding Converter="{StaticResource StringToSaltedHashConverter}"
                      Mode="OneWayToSource">
            <Binding Path="Password" />
            <Binding Path="PasswordSalt" />
        </MultiBinding>
    </local:PasswordHelper.Password>
</PasswordBox>

Code behind:

public class StringToSaltedHashConverter : IMultiValueConverter
{
    public object Convert(object[] values, Type targetType, object parameter, CultureInfo culture)
    {
        throw new NotImplementedException();
    }

    public object[] ConvertBack(object value, Type[] targetTypes, object parameter, CultureInfo culture)
    {
        string str = value as string;
        string salt = Hash.CreateSalt();
        string hash = Hash.CreateHash(str, salt);
        object[] vs = { hash, salt };
        return vs;
    }
}
wpf multibinding passwordbox imultivalueconverter
Original Q&A
3

There are 3 best solutions below

5
BionicCode On

This is not the way to go. PasswordHelper class and their likes should be banned from the internet. The PasswordBox.Password property is not bindable for a very good reason which is well documented. Accessing this property will create a plain text string representation which can be effordlessly retrieved with free tools e.g. Microsoft Process Explorer.

When you get the Password property value, you expose the password as plain text in memory. To avoid this potential security risk, use the SecurePassword property to get the password as a SecureString.

Setting this property to null causes the underlying password to be set to Empty.

You even store the plain salt value in memory - I really hope this is neither a commercial nor a public application. You have absolutely no control when the Garbage Collector will remove any value from the memory. Since String is an immutable type, it is very likely that multiple copies of the user's password will remain public in memory.

Recommended authentication in a Windows environment is to use the Windows User Authentication API.

You should at least clear the PasswordBox.Password property, by setting it null.

Encryption should not be done in the view.

And please, write responsible code! User data is not your data!

MainWindow.xaml

<Window>
  <Window.DataContext>
    <ViewModel />
  </Window.DataContext>

  <PasswordBox x:Name="PasswordBox" />
</Window>

MainWindow.xaml.cs

public partial class MainWindow : Window
{
  public MainWindow()
  {
    InitializeComponent();

    this.PasswordBox.PasswordChanged += OnPasswordChanged;
  }

  private void OnPasswordChanged(object sender, RoutedEventArgs e)
  {
    (this.DataContext as ViewModel).Password = this.PasswordBox.SecurePassword;
  }
}

ViewModel.cs

pucblic class ViewModel
{
  private Model Model { get; }

  private SecureString password;
  public SecureString Password
  {
    private get => this.password;
    public set
    {
      this.password = value;
      OnPasswordChanged();
    }
  }

  private void OnPasswordChanged()
  {
    // Hash password in the model e.g. to compare it to a hashed database value
    this.Model.TryLogin(this.Password);
  }
}

Model.cs

public class Model
{
  public bool TryLogin(SecureString password)
  {  
    IntPtr unmanagedString = Marshal.SecureStringToGlobalAllocUnicode(password);
    string hashedPassword = HashPassword(Marshal.PtrToStringUni(unmanagedString));

    return PasswordIsValid(hashedPassword);
  }

  private string HashPassword(string unsecurePassword)
  {
    // Hash algorithm
  }
}
0
Sir Rufo On

Before I need the password from a PasswordBox the User will tell me that he has finished with input by pressing a button.

The best option for me is to use the CommandParameter of the Button with the LoginCommand:

<StackPanel
        Width="300"
        HorizontalAlignment="Center"
        VerticalAlignment="Center">
    <Label Content="Username:" />
    <TextBox Text="{Binding Username}" />
    <Label Content="Password:" />
    <PasswordBox PasswordChanged="PasswordChanged" />
    <StackPanel
            Orientation="Horizontal">
        <Button
                Name="LoginButton"
                Command="{Binding LoginCommand}"
                Content="Login" />
    </StackPanel>
</StackPanel>

View code

private void PasswordChanged( object sender, RoutedEventArgs e )
{
    LoginButton.CommandParameter = ( sender as PasswordBox ).SecurePassword;
}

ViewModel Command

Login = ReactiveCommand.CreateFromTask( async ( SecureString password, CancellationToken cancellationToken ) =>
{
    var loggedIn = await AuthenticationService.LoginAsync( Username, password, cancellationToken );
    ...
} );
0
deiviz On

I just wanted to thank everyone for your answers and insighful comments. You made me realize that I should not be using a PasswordHelper and that I should not be trying to bind to the password at all.

Just in case anyone is having a similar problem with a MultiBinding not properly updating the DataContext, this can be fixed by adding the OneWayToSource mode to each of the bindings inside the MultiBinding.

<MultiBinding Converter="{StaticResource StringToSaltedHashConverter}" 
              Mode="OneWayToSource">
    <Binding Path="Password"
             Mode="OneWayToSource" />
    <Binding Path="PasswordSalt"
             Mode="OneWayToSource" />
</MultiBinding>

Related Questions in WPF

Related Questions in MULTIBINDING

Related Questions in PASSWORDBOX

Related Questions in IMULTIVALUECONVERTER

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs

Popular Questions

.

Copyright © 2021 Jogjafile Inc.