
How can I safely keep the value of a password field during postbacks in ASP.NET?

Is there a way to safely keep the value of a password field during postbacks in ASP.NET? I was thinking of the viewstate, but I don't want to print it clearly in the HTML code by setting the control value equal to the viewstate content at every postback.


If security is a concern, you should either:

  • Use HTTPS
  • At the bare minimum, never store the plain password, even in your database, but, say, an MD5 hash of the password (bare minimum). Use this hash instead of the password in your postbacks.


You should not save the value of the password in the viewstate, since the view state is visible to the end user.
You can save it in a session object if you want.


I'm not sure of how well this would pan out in an ASP.NET application but take a look into System.Security.SecureString.

This will allow you to populate a string which is encrypted using machine-specific (your server) encryption. You will need to marshal this object to a usable (and decrypted) string when it is required, which, I believe, is why some are divided as to its usefulness - I think there are ways and whens to use it, and not.
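
The marshalling step described in the answer above, as an added example that is not part of the original answers. The class name, the helper names `FromChars` and `UsePlaintext`, and the sample password are assumptions made for illustration; the `SecureString` and `Marshal` calls are the standard .NET ones.

```csharp
using System;
using System.Runtime.InteropServices;
using System.Security;

static class SecureStringDemo
{
    // Hypothetical helper: copy characters into a SecureString, then wipe
    // the caller's buffer so only the protected copy remains.
    static SecureString FromChars(char[] chars)
    {
        var s = new SecureString();
        foreach (char c in chars) s.AppendChar(c);
        s.MakeReadOnly();                      // no further edits allowed
        Array.Clear(chars, 0, chars.Length);   // zero the plaintext buffer
        return s;
    }

    // Hypothetical helper: decrypt into unmanaged memory, pass the plaintext
    // to the callback, then zero and free the unmanaged copy.
    static T UsePlaintext<T>(SecureString secret, Func<string, T> use)
    {
        IntPtr ptr = IntPtr.Zero;
        try
        {
            ptr = Marshal.SecureStringToGlobalAllocUnicode(secret);
            // PtrToStringUni returns an ordinary managed string: it cannot
            // be wiped and stays in memory until garbage collected.
            return use(Marshal.PtrToStringUni(ptr));
        }
        finally
        {
            if (ptr != IntPtr.Zero) Marshal.ZeroFreeGlobalAllocUnicode(ptr);
        }
    }

    static void Main()
    {
        // Constructed sample value; a real page would take this from user input.
        using (SecureString pwd = FromChars("S4mple-Passw0rd".ToCharArray()))
        {
            int length = UsePlaintext(pwd, plain => plain.Length);
            Console.WriteLine("Decrypted length: " + length);
        }
    }
}
```

In an ASP.NET page the posted password already arrives as a managed string in the request, so `SecureString` only limits the copies made after that point.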
