I'm about to create an authentication module in my C#/WPF application. To authenticate the user, I would like to use NetworkCredential
to store the credentials.
Credential = new NetworkCredential(credential.UserName, credential.Password);
Where the credential.UserName
is a string
and credential.Password
is of the type SecureString
. When debugging the application I can see the password in plain text as well as in secure string
Why is the password exposed as plain text? Isn't this a possible security threat?
Thanks for answering.
EDIT:
For the record, the NetworkCredential
object shall be used on the WCF client, like this:
client.ClientCredentials.Windows.ClientCredential = Credentials