SecureString Class

SecureString Class


Represents text that should be kept confidential, such as by deleting it from computer memory when no longer needed. This class cannot be inherited.

Namespace:   System.Security
Assembly:  mscorlib (in mscorlib.dll)


public ref class SecureString sealed : IDisposable


Initializes a new instance of the SecureString class.

System_CAPS_pubmethodSecureString(Char*, Int32)

This API supports the product infrastructure and is not intended to be used directly from your code. Initializes a new instance of the SecureString class from a subarray of System::Char objects.


Gets the number of characters in the current secure string.


Appends a character to the end of the current secure string.


Deletes the value of the current secure string.


Creates a copy of the current secure string.


Releases all resources used by the current SecureString object.


Determines whether the specified object is equal to the current object.(Inherited from Object.)


Serves as the default hash function. (Inherited from Object.)


Gets the Type of the current instance.(Inherited from Object.)

System_CAPS_pubmethodInsertAt(Int32, Char)

Inserts a character in this secure string at the specified index position.


Indicates whether this secure string is marked read-only.


Makes the text value of this secure string read-only.


Removes the character at the specified index position from this secure string.

System_CAPS_pubmethodSetAt(Int32, Char)

Replaces the existing character at the specified index position with another character.


Returns a string that represents the current object.(Inherited from Object.)

An instance of the System::String class is both immutable and, when no longer needed, cannot be programmatically scheduled for garbage collection; that is, the instance is read-only after it is created and it is not possible to predict when the instance will be deleted from computer memory. Consequently, if a String object contains sensitive information such as a password, credit card number, or personal data, there is a risk the information could be revealed after it is used because your application cannot delete the data from computer memory.


This type implements the IDisposable interface. When you have finished using the type, you should dispose of it either directly or indirectly. To dispose of the type directly, call its Dispose method in a try/catch block. To dispose of it indirectly, use a language construct such as using (in C#) or Using (in Visual Basic). For more information, see the “Using an Object that Implements IDisposable” section in the IDisposable interface topic.

A SecureString object is similar to a String object in that it has a text value. However, the value of a SecureString object may use a protection mechanism, such as encryption, provided by the underlying operating system, can be modified until your application marks it as read-only, and can be deleted from computer memory by either your application or the .NET Framework garbage collector.

The value of an instance of SecureString is automatically protected using a mechanism supported by the underlying platform when the instance is initialized or when the value is modified. Your application can render the instance immutable and prevent further modification by invoking the MakeReadOnly method.

Note that SecureString has no members that inspect, compare, or convert the value of a SecureString. The absence of such members helps protect the value of the instance from accidental or malicious exposure. Use appropriate members of the System.Runtime.InteropServices::Marshal class, such as the SecureStringToBSTR method, to manipulate the value of a SecureString object.

The SecureString class and its members are not visible to COM. For more information, see ComVisibleAttribute.


In addition to Windows 2000 Service Pack 4 and later, SecureString is supported on Windows 2000 Service Pack 3.

The following example demonstrates how to use a SecureString to secure a user’s password for use as a credential to start a new process.

No code example is currently available or this language may not be supported.

.NET Framework
Available since 2.0

Any public static (Shared in Visual Basic) members of this type are thread safe. Any instance members are not guaranteed to be thread safe.

Return to top
© 2015 Microsoft