我使用了一个身份验证检查，然后是一个中介类向View调用的子(它也实现了身份验证检查)，将密码写入数据类。

这不是一个完美的解决方案;但是，它弥补了我无法移动密码的问题。

我的观点是:

我曾经使用WPF和MVVM开发了一个典型的登录对话框(用户和密码框，加上“Ok”按钮)。我通过简单地将PasswordBox控件本身作为参数传递给附加到“Ok”按钮的命令来解决密码绑定问题。在我的视图中

<PasswordBox Name="txtPassword" VerticalAlignment="Top" Width="120" />
<Button Content="Ok" Command="{Binding Path=OkCommand}"
   CommandParameter="{Binding ElementName=txtPassword}"/>

在ViewModel中，所附命令的Execute方法如下:

void Execute(object parameter)
{
    var passwordBox = parameter as PasswordBox;
    var password = passwordBox.Password;
    //Now go ahead and check the user name and password
}

这稍微违反了MVVM模式，因为现在ViewModel知道视图是如何实现的，但在那个特定的项目中，我可以负担得起。希望它对某些人也有用。

我使用的是简洁的mvvm友好的解决方案，还没有提到。首先，我在XAML中命名PasswordBox:

<PasswordBox x:Name="Password" />

然后我在视图构造函数中添加了一个方法调用:

public LoginWindow()
{
    InitializeComponent();
    ExposeControl<LoginViewModel>.Expose(this, view => view.Password,
        (model, box) => model.SetPasswordBox(box));
}

就是这样。当视图模型通过DataContext附加到视图时，它将收到通知，当它被分离时，它将收到另一个通知。此通知的内容可以通过lambdas进行配置，但通常它只是视图模型上的setter或方法调用，将有问题的控件作为参数传递。

通过使用视图公开接口而不是子控件，可以很容易地使它对mvvm友好。

上面的代码依赖于我博客上发布的helper类。

使用附加行为和ICommand发送一个SecureString到视图模型

在实现MVVM时，代码隐藏并没有错。MVVM是一种架构模式，旨在将视图与模型/业务逻辑分离。MVVM描述了如何以可重复的方式(模式)实现这一目标。它不关心实现细节，比如如何构造或实现视图。它只是画出边界，并根据这个模式的术语定义什么是视图，视图模型和什么是模型。

MVVM不关心语言(XAML或c#)或编译器(部分类)。独立于语言是设计模式的强制性特征——它必须与语言无关。

However, code-behind has some draw backs like making your UI logic harder to understand, when it is wildly distributed between XAML and C#. But most important implementing UI logic or objects like templates, styles, triggers, animations etc in C# is very complex and ugly/less readable than using XAML. XAML is a markup language that uses tags and nesting to visualize object hierarchy. Creating UI using XAML is very convenient. Although there are situations where you are fine choosing to implement UI logic in C# (or code-behind). Handling the PasswordBox is one example.

因此，在代码背后通过处理PasswordBox来处理PasswordBox。PasswordChanged没有违反MVVM模式。

一个明显的违规是将控件(PasswordBox)传递给视图模型。许多解决方案都推荐这样做，例如，将PasswordBox的实例作为ICommand传递。CommandParameter添加到视图模型。这显然是一个非常糟糕和不必要的建议。

如果你不关心使用c#，只是想保持你的代码文件干净，或者只是想封装一个行为/UI逻辑，你总是可以使用附加属性并实现附加行为。

与臭名昭著的支持绑定纯文本密码的广泛传播帮助器(非常糟糕的反模式和安全风险)相反，此行为使用ICommand将密码作为SecureString发送到视图模型，每当PasswordBox抛出PasswordBox时。PasswordChanged事件。

MainWindow.xaml

<Window>
  <Window.DataContext>
    <ViewModel />
  </Window.DataContext>

  <PasswordBox PasswordBox.Command="{Binding VerifyPasswordCommand}" />
</Window>

ViewModel.cs

public class ViewModel : INotifyPropertyChanged
{
  public ICommand VerifyPasswordCommand => new RelayCommand(VerifyPassword);

  public void VerifyPassword(object commadParameter)
  {
    if (commandParameter is SecureString secureString)
    {
      IntPtr valuePtr = IntPtr.Zero;
      try
      {
        valuePtr = Marshal.SecureStringToGlobalAllocUnicode(value);
        string plainTextPassword = Marshal.PtrToStringUni(valuePtr);

        // Handle plain text password. 
        // It's recommended to convert the SecureString to plain text in the model, when really needed.
      } 
      finally 
      {
        Marshal.ZeroFreeGlobalAllocUnicode(valuePtr);
      }
    }
  }
}

PasswordBox.cs

// Attached behavior
class PasswordBox : DependencyObject
{
  #region Command attached property

  public static readonly DependencyProperty CommandProperty =
    DependencyProperty.RegisterAttached(
      "Command",
      typeof(ICommand),
      typeof(PasswordBox),
      new PropertyMetadata(default(ICommand), PasswordBox.OnSendPasswordCommandChanged));

  public static void SetCommand(DependencyObject attachingElement, ICommand value) =>
    attachingElement.SetValue(PasswordBox.CommandProperty, value);

  public static ICommand GetCommand(DependencyObject attachingElement) =>
    (ICommand) attachingElement.GetValue(PasswordBox.CommandProperty);

  #endregion

  private static void OnSendPasswordCommandChanged(
    DependencyObject attachingElement,
    DependencyPropertyChangedEventArgs e)
  {
    if (!(attachingElement is System.Windows.Controls.PasswordBox passwordBox))
    {
      throw new ArgumentException("Attaching element must be of type 'PasswordBox'");
    }

    if (e.OldValue != null)
    {
      return;
    }

    WeakEventManager<object, RoutedEventArgs>.AddHandler(
      passwordBox,
      nameof(System.Windows.Controls.PasswordBox.PasswordChanged),
      SendPassword_OnPasswordChanged);
  }

  private static void SendPassword_OnPasswordChanged(object sender, RoutedEventArgs e)
  {
    var attachedElement = sender as System.Windows.Controls.PasswordBox;
    SecureString commandParameter = attachedElement?.SecurePassword;
    if (commandParameter == null || commandParameter.Length < 1)
    {
      return;
    }

    ICommand sendCommand = GetCommand(attachedElement);
    sendCommand?.Execute(commandParameter);
  }
}

正如你所看到的，我绑定到密码，但也许它绑定到静态类..

它是一个附加属性。这种属性可以应用于任何类型的DependencyObject，而不仅仅是声明它的类型。因此，尽管它是在PasswordHelper静态类中声明的，但它还是应用于使用它的PasswordBox。

要使用这个附加属性，你只需要将它绑定到ViewModel中的Password属性:

<PasswordBox w:PasswordHelper.Attach="True" 
         w:PasswordHelper.Password="{Binding Password}"/>

对我来说，这两件事都不对:

实现明文密码属性 将PasswordBox作为命令参数发送给ViewModel

像Steve在CO中描述的那样传输SecurePassword (SecureString实例)似乎是可以接受的。我更喜欢行为而不是背后的代码，而且我还需要能够从视图模型重置密码。

Xaml (Password是ViewModel属性):

<PasswordBox>
    <i:Interaction.Behaviors>
        <behaviors:PasswordBinding BoundPassword="{Binding Password, Mode=TwoWay}" />
    </i:Interaction.Behaviors>
</PasswordBox>

行为:

using System.Security;
using System.Windows;
using System.Windows.Controls;
using System.Windows.Interactivity;

namespace Evidence.OutlookIntegration.AddinLogic.Behaviors
{
    /// <summary>
    /// Intermediate class that handles password box binding (which is not possible directly).
    /// </summary>
    public class PasswordBoxBindingBehavior : Behavior<PasswordBox>
    {
        // BoundPassword
        public SecureString BoundPassword { get { return (SecureString)GetValue(BoundPasswordProperty); } set { SetValue(BoundPasswordProperty, value); } }
        public static readonly DependencyProperty BoundPasswordProperty = DependencyProperty.Register("BoundPassword", typeof(SecureString), typeof(PasswordBoxBindingBehavior), new FrameworkPropertyMetadata(OnBoundPasswordChanged));

        protected override void OnAttached()
        {
            this.AssociatedObject.PasswordChanged += AssociatedObjectOnPasswordChanged;
            base.OnAttached();
        }

        /// <summary>
        /// Link up the intermediate SecureString (BoundPassword) to the UI instance
        /// </summary>
        private void AssociatedObjectOnPasswordChanged(object s, RoutedEventArgs e)
        {
            this.BoundPassword = this.AssociatedObject.SecurePassword;
        }

        /// <summary>
        /// Reacts to password reset on viewmodel (ViewModel.Password = new SecureString())
        /// </summary>
        private static void OnBoundPasswordChanged(object s, DependencyPropertyChangedEventArgs e)
        {
            var box = ((PasswordBoxBindingBehavior)s).AssociatedObject;
            if (box != null)
            {
                if (((SecureString)e.NewValue).Length == 0)
                    box.Password = string.Empty;
            }
        }

    }
}