Password field is empty when a NetworkCredential object is deserialized at the WCF service
სტატია
This article helps you working around the problem that the password field is empty when you deserialize a NetworkCredential object that's passed as a parameter to a Windows Communication Foundation (WCF) service operation.
Original product version: Microsoft .NET Framework 4.5 Original KB number: 3021166
Symptoms
When you deserialize a NetworkCredential object that was passed as a parameter to a WCF service operation, you discover that the password field is empty.
For example, you have a WCF Contract defined as follows:
When the GetData operation is called from a client that passes a NetworkCredential string, the myCredential.Password value is empty.
Cause
It's a known issue that was introduced in the .NET Framework 4.0. The issue occurs when a new property SecurePassword value is added to NetworkCredential. This property overwrites the original password string when the NetworkCredential object is deserialized on the service side.
Workaround
To work around this issue, pass the user name and password as strings, and then create a NetworkCredential object at the service.
Protect your Active Directory environment by securing user accounts to least privilege and placing them in the Protected Users group. Learn how to limit authentication scope and remediate potentially insecure accounts.