Martin,

You are absolutely right. I was disposing of a SecureString right after setting it in SessionOptions. This is truly embarrassing. I am very sorry to have wasted your time.

Andrew

I cannot reproduce the problem.
Can you post a code sample?
Did it work before 5.13.1?
Actually .Password and .PrivateKeyPassphrase have a shared implementation.

I actually looks like, that you dispose the SecureString instance that you set to .PrivateKeyPassphrase before you call .Open.

In version 5.13.1 and 5.13.2 ObjectDisposedExcepotion is thrown when opening a session using SessionOptions with SecurePrivateKeyPassphrase set. SecurePassword property works as expected. I believe there is a bug in reading SecurePrivateKeyPassphrase from SecureString and if you just copy the same implementation as when reading SecurePassword, the issue should be resolved. If I use string PrivateKeyPassphrase property, everything works fine. Here is the stack trace:

System.ObjectDisposedException: Cannot access a disposed object.
at System.Security.SecureString.ToUniStr(Boolean allocateFromHeap)
at WinSCP.SessionOptions.GetPassword(SecureString securePassword)
at WinSCP.Session.SessionOptionsToSwitches(SessionOptions sessionOptions, Boolean scanFingerprint, String& arguments, String& logArguments)
at WinSCP.Session.SessionOptionsToUrlAndSwitches(SessionOptions sessionOptions, Boolean scanFingerprint, String& command, String& log)
at WinSCP.Session.Open(SessionOptions sessionOptions)