CredUIPromptForCredentials from .NET with SecureString

可以将非托管字符串缓冲区的IntPtr强制转换为char*，并使用SecureString(char*, int)构造函数。

// somehow, we come into posession of an IntPtr to a string
// obviously, this would be a foolish way to come into it in
// production, since stringOriginalContents is already in managed
// code, and the lifetime can therefore not be guaranteed...
var stringOriginalContents = "foobar";
IntPtr strPtr = Marshal.StringToHGlobalUni(stringOriginalContents);
int strLen = stringOriginalContents.Length;
int maxLen = 100;
// we copy the IntPtr to a SecureString, and zero out the old location
SecureString ssNew;
unsafe
{
    char* strUPtr = (char*)strPtr;
    // if we don't know the length, calculate
    //for (strLen = 0; *(strUPtr + strLen) != ''0' 
    //    // stop if the string is invalid
    //    && strLen < maxLen; strLen++)
    //    ;
    ssNew = new SecureString((char*)strPtr, strLen);
    // zero out the old memory and release, or use a Zero Free method
    //for (int i = 0; i < strLen; i++)
    //    *(strUPtr + i) = ''0';
    //Marshal.FreeHGlobal(strPtr);
    // (only do one of these)
    Marshal.ZeroFreeGlobalAllocUnicode(strPtr);
}
// now the securestring has the protected data, and the old memory has been
// zeroed, we can check that the securestring is correct.  This, also should
// not be in production code.
string strInSecureString =
    Marshal.PtrToStringUni(
    Marshal.SecureStringToGlobalAllocUnicode(ssNew));
Assert.AreEqual(strInSecureString, stringOriginalContents);