What should you do?

You are developing an ASP.NET MVC application that will run in a shared environment.

The application requests the user’s password, and then uses the password to sign data.

You need to minimize the potential for the password to be discovered by other processes that run in the shared environment.

What should you do?
A . Add the SecuritySafeCriticalAttribute attribute to the methods which process the password.
B . Store the password in a SecureString instance.
C . Encrypt the password on the web page, and decrypt the password in the MVC application.
D . Run the code that processes the password in its own AppDomain.

View Answer

Answer: D

Explanation:

Application domains provide a unit of isolation for the common language runtime. They are created and run inside a process. Application domains are usually created by a runtime host, which is an application responsible for loading the runtime into a process and executing user code within an application domain. The runtime host creates a process and a default application domain, and runs managed code inside it. Runtime hosts include ASP.NET, Microsoft Internet Explorer, and the Windows shell.

For most applications, you do not need to create your own application domain; the runtime host creates any necessary application domains for you.

However, you can create and configure additional application domains if your application needs to isolate code or to use and unload DLLs.

References: https://msdn.microsoft.com/en-us/library/yb506139(v=vs.110).aspx