SecureString.MakeReadOnly Method ()


The .NET API Reference documentation has a new home. Visit the .NET API Browser on to see the new experience.

Makes the text value of this secure string read-only.

Namespace:   System.Security
Assembly:  mscorlib (in mscorlib.dll)

Public Sub MakeReadOnly

Exception Condition

This secure string has already been disposed.

Initialize the text value of an instance of the SecureString class with the SecureString constructors, and modify the value with the Clear, RemoveAt, SetAt, InsertAt, and AppendChar methods.

After you have made your final modifications, use the MakeReadOnly method to make the value of the instance immutable (read-only). After the value is marked as read-only, any further attempt to modify it throws an InvalidOperationException.

The effect of invoking MakeReadOnly is permanent because the SecureString class provides no means to make the secure string modifiable again. Use the IsReadOnly method to test whether an instance of SecureString is read-only.

The following example demonstrates how the AppendChar and RemoveAt methods can be used to collect the characters in a password. After the password is collected, it is made read-only.

Imports System.Security

Class Example
   Public Shared Sub Main()
      Dim cki As ConsoleKeyInfo
      Dim m As String = vbCrLf & "Enter your password (up to 15 letters, numbers, and underscores)" &
                        vbCrLf & "Press BACKSPACE to delete the last character entered. " & vbCrLf &
                        "Press Enter when done, or ESCAPE to quit: "
      Dim password As New SecureString()
      Dim top, left As Integer

      ' The Console.TreatControlCAsInput property prevents CTRL+C from
      ' ending this example.
      Console.TreatControlCAsInput = True


      top = Console.CursorTop
      left = Console.CursorLeft

      ' Read user input from the console. Store up to 15 letter, digit, or underscore
      ' characters in a SecureString object, or delete a character if the user enters 
      ' a backspace. Display an asterisk (*) on the console to represent each character 
      ' that is stored.

         cki = Console.ReadKey(True)
         If cki.Key = ConsoleKey.Escape Then Exit Do

         If cki.Key = ConsoleKey.Backspace Then
            If password.Length > 0 Then
               Console.SetCursorPosition(left + password.Length - 1, top)
               Console.Write(" "c)
               Console.SetCursorPosition(left + password.Length - 1, top)
               password.RemoveAt(password.Length - 1)
            End If
            If password.Length < 15 AndAlso([Char].IsLetterOrDigit(cki.KeyChar) _
            OrElse cki.KeyChar = "_"c) Then
               Console.SetCursorPosition(left + password.Length - 1, top)
            End If
         End If
      Loop While cki.Key <> ConsoleKey.Enter And password.Length < 15

      ' Make the password read-only to prevent modification.
      ' Dispose of the SecureString instance.
   End Sub
End Class
' The example displays output like the following:
'    Enter your password (up to 15 letters, numbers, and underscores)
'    Press BACKSPACE to delete the last character entered.
'    Press Enter when done, or ESCAPE to quit:
'    ************

.NET Framework
Available since 2.0
Return to top