Password field is empty when a NetworkCredential object is deserialized at the WCF service
This article helps you working around the problem that the password field is empty when you deserialize a NetworkCredential object that's passed as a parameter to a Windows Communication Foundation (WCF) service operation.
Original product version: Microsoft .NET Framework 4.5
Original KB number: 3021166
Symptoms
When you deserialize a NetworkCredential object that was passed as a parameter to a WCF service operation, you discover that the password field is empty.
For example, you have a WCF Contract defined as follows:
[ServiceContract] public interface IService
{
[OperationContract] string GetData(NetworkCredential myCredential);
}
When the GetData operation is called from a client that passes a NetworkCredential string, the myCredential.Password value is empty.
Cause
It's a known issue that was introduced in the .NET Framework 4.0. The issue occurs when a new property SecurePassword value is added to NetworkCredential. This property overwrites the original password string when the NetworkCredential object is deserialized on the service side.
Workaround
To work around this issue, pass the user name and password as strings, and then create a NetworkCredential object at the service.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for