Marshal.SecureStringToCoTaskMemUnicode Method (SecureString)


The .NET API Reference documentation has a new home. Visit the .NET API Browser on to see the new experience.

Copies the contents of a managed SecureString object to a block of memory allocated from the unmanaged COM task allocator.

Namespace:   System.Runtime.InteropServices
Assembly:  mscorlib (in mscorlib.dll)

public static IntPtr SecureStringToCoTaskMemUnicode(
	SecureString s


Type: System.Security.SecureString

The managed object to copy.

Return Value

Type: System.IntPtr

The address, in unmanaged memory, where the s parameter was copied to, or 0 if a null object was supplied.

Exception Condition

The s parameter is null.


The current computer is not running Windows 2000 Service Pack 3 or later.


There is insufficient memory available.

The SecureStringToCoTaskMemUnicode method is useful for custom marshaling or when mixing managed and unmanaged code. Because this method allocates the unmanaged memory required for a string, always free the memory by calling the ZeroFreeCoTaskMemUnicode method. The characters of the string are copied as Unicode characters.

Notes to Callers:

This method is supported only on computers running Windows 2000 Service Pack 3 or later.

The following example uses the SecureStringToCoTaskMemUnicode method to marshal and decrypt the contents of a SecureString object to a block of unmanaged memory. It then uses the ZeroFreeCoTaskMemUnicode method to zero out and dispose the unmanaged block.

using System;
using System.Runtime.InteropServices;
using System.Security;

class Example
    static void Main()
        IntPtr unmanagedRef = IntPtr.Zero;
        // Ask the user for a password.
        Console.Write("Please enter your password: ");
        SecureString passWord = GetPassword();

        Console.WriteLine("Copying and decrypting the string to unmanaged memory...");
        // Copy the Secure string to unmanaged memory (and decrypt it).
        unmanagedRef = Marshal.SecureStringToCoTaskMemUnicode(passWord);

        if (unmanagedRef != IntPtr.Zero) {
            Console.WriteLine("Zeroing out unmanaged memory...");

    public static SecureString GetPassword()
        SecureString password = new SecureString();

        // get the first character of the password
        ConsoleKeyInfo nextKey = Console.ReadKey(true);
        while (nextKey.Key != ConsoleKey.Enter) {
            if (nextKey.Key == ConsoleKey.Backspace) {
                if (password.Length > 0) {
                    password.RemoveAt(password.Length - 1);

                    // erase the last * as well
                    Console.Write(" ");
            else {

            nextKey = Console.ReadKey(true);


         // Lock the password down.
         return password;
// The example displays output like the following:
//       Please enter your password: **********
//       Copying and decrypting the string to unmanaged memory...
//       Zeroing out unmanaged memory...
//       Done.


requires full trust for the immediate caller. This member cannot be used by partially trusted or transparent code.

.NET Framework
Available since 2.0
Return to top