// public methods
        public static SecurityCredential Acquire(SspiPackage package, string username, SecureString password)
        {
            long timestamp;

            var credential = new SecurityCredential();

#if NET452
            RuntimeHelpers.PrepareConstrainedRegions();
#endif
            try { }
            finally
            {
                uint result;
                if (password == null)
                {
                    result = NativeMethods.AcquireCredentialsHandle(
                        null,
                        package.ToString(),
                        SecurityCredentialUse.Outbound,
                        IntPtr.Zero,
                        IntPtr.Zero,
                        0,
                        IntPtr.Zero,
                        ref credential._sspiHandle,
                        out timestamp);
                }
                else
                {
                    using (var authIdentity = new AuthIdentity(username, password))
                    {
                        // TODO: make this secure by using SecurePassword
                        result = NativeMethods.AcquireCredentialsHandle(
                            null,
                            package.ToString(),
                            SecurityCredentialUse.Outbound,
                            IntPtr.Zero,
                            authIdentity,
                            0,
                            IntPtr.Zero,
                            ref credential._sspiHandle,
                            out timestamp);
                    }
                }
                if (result != NativeMethods.SEC_E_OK)
                {
                    credential.SetHandleAsInvalid();
                    throw NativeMethods.CreateException(result, "Unable to acquire credential.");
                }
            }
            return(credential);
        }
        public static SecurityCredential Acquire(SspiPackage package, string username, MongoIdentityEvidence evidence)
        {
            long timestamp;

            var credential = new SecurityCredential();
            RuntimeHelpers.PrepareConstrainedRegions();
            try { }
            finally
            {
                uint result;
                var passwordEvidence = evidence as PasswordEvidence;
                if (passwordEvidence == null)
                {
                    result = Win32.AcquireCredentialsHandle(
                        null,
                        package.ToString(),
                        SecurityCredentialUse.Outbound,
                        IntPtr.Zero,
                        IntPtr.Zero,
                        0,
                        IntPtr.Zero,
                        ref credential._sspiHandle,
                        out timestamp);

                }
                else
                {
                    using(var authIdentity = new AuthIdentity(username, passwordEvidence.SecurePassword))
                    {
                        // TODO: make this secure by using SecurePassword
                        result = Win32.AcquireCredentialsHandle(
                            null,
                            package.ToString(),
                            SecurityCredentialUse.Outbound,
                            IntPtr.Zero,
                            authIdentity,
                            0,
                            IntPtr.Zero,
                            ref credential._sspiHandle,
                            out timestamp);
                    }
                }
                if (result != Win32.SEC_E_OK)
                {
                    credential.SetHandleAsInvalid();
                    throw Win32.CreateException(result, "Unable to acquire credential.");
                }
            }
            return credential;
        }