Update 2016/1/23
If you find this answer useful, you may be interested in a simple (~500 SLOC) password generation library I published:
Install-Package MlkPwgen
Then you can generate random strings just like in the answer below:
var str = PasswordGenerator.Generate(length: 10, allowed: Sets.Alphanumerics);
One advantage of the library is that the code is better factored out so you can use secure randomness for more than generating strings. Check out the project site for more details.
Original Answer
Since no one has provided secure code yet, I post the following in case anyone finds it useful.
string RandomString(int length, string allowedChars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789") {
if (length < 0) throw new ArgumentOutOfRangeException("length", "length cannot be less than zero.");
if (string.IsNullOrEmpty(allowedChars)) throw new ArgumentException("allowedChars may not be empty.");
const int byteSize = 0x100;
var allowedCharSet = new HashSet<char>(allowedChars).ToArray();
if (byteSize < allowedCharSet.Length) throw new ArgumentException(String.Format("allowedChars may contain no more than {0} characters.", byteSize));
// Guid.NewGuid and System.Random are not particularly random. By using a
// cryptographically-secure random number generator, the caller is always
// protected, regardless of use.
using (var rng = System.Security.Cryptography.RandomNumberGenerator.Create()) {
var result = new StringBuilder();
var buf = new byte[128];
while (result.Length < length) {
rng.GetBytes(buf);
for (var i = 0; i < buf.Length && result.Length < length; ++i) {
// Divide the byte into allowedCharSet-sized groups. If the
// random value falls into the last group and the last group is
// too small to choose from the entire allowedCharSet, ignore
// the value in order to avoid biasing the result.
var outOfRangeStart = byteSize - (byteSize % allowedCharSet.Length);
if (outOfRangeStart <= buf[i]) continue;
result.Append(allowedCharSet[buf[i] % allowedCharSet.Length]);
}
}
return result.ToString();
}
}
Thanks to Ahmad for pointing out how to get the code working on .NET Core.
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…