You are developing an ASP.NET MVC application that will run in a shared environment.
The application requests the user’s password, and then uses the password to sign data.
You need to minimize the potential for the password to be discovered by other processes that run in the shared
environment. What should you do?
A.
Add the SecuritySafeCriticalAttribute attribute to the methods which process the password.
B.
Store the password in a SecureString instance.
C.
Encrypt the password on the web page, and decrypt the password in the MVC application.
D.
Run the code that processes the password in its own AppDomain.
Explanation:
Application domains provide a unit of isolation for the common language runtime. They are created and run
inside a process. Application domains are usually created by a runtime host, which is an application responsible
for loading the runtime into a process and executing user code within an application domain. The runtime host
creates a process and a default application domain, and runs managed code inside it. Runtime hosts include
ASP.NET, Microsoft Internet Explorer, and the Windows shell.
For most applications, you do not need to create your own application domain; the runtime host creates any
necessary application domains for you. However, you can create and configure additional application domains if
your application needs to isolate code or to use and unload DLLs.
https://msdn.microsoft.com/en-us/library/yb506139(v=vs.110).aspx