Has anyone ever worked with this class, it is often used in large projects?
No, I do not know a good portion of great projects to state. I do not know if that matters. Either the feature is useful or not, if it is used in large or small projects it is not the case.
The .Net itself uses a lot . All of these places consider safe text to be important in their context.
When would it really be necessary to use this class and what it protects?
Basically it guarantees that it will be used in a very restricted context and will be erased as soon as possible, as well as not allowing it to leave the scope of application memory. Obviously it is encrypted.
But it is not completely safe, after all it needs to be manipulated and in those moments it is discovered. It hampers naive attempts at improper access. It helps a lot the programmer himself not to divulge the data somewhere by his own slip.
Many people do not know that at the end of the application the data stays in memory, they are not erased and can be viewed by third parties with the right knowledge. Even during its execution it is possible to access all the data even from outside it. It is very easy to take everything that is in the memory. In a compromised machine, either by a hacker , or by a person with privileged access that is malicious.
If intent is total protection, forget it. Usually used only for data that really needs to be protected in memory, like passwords, credit card numbers and stuff like that. If all the rest of the chain has flaws, it's no use.
Is it more recommended to use it for what type of project: ASP.NET, WPF, Windows Forms?
Never mind, use when you need this security. WPF has a control PasswordBox
that uses SecureString
internally, then it eliminates a point of insecurity where the data can be captured.
It seems that in Mono it is not as well implemented, but this can change right away with the project taking parts from .Net Core .
You have a question that deals with this .
Microsoft article on the subject . And the continuation .