Secure data in memory

The first thing to consider is how your code handles sensitive data while it is in memory. If you hold a plain-text password in a String, anyone who can read the process memory (a debugger, a crash dump, the page file, a memory-disclosure bug) can read the password too. In .NET a String is immutable, so you have no control over its lifetime: you cannot overwrite its contents when you are done, the garbage collector may copy it around the heap, and the plain text stays there until every copy has been collected.
So the usual way to handle sensitive string data in a .NET app is the SecureString class. It keeps the characters in an unmanaged buffer rather than on the managed heap (on Windows the buffer is additionally encrypted with DPAPI while not in use), you add characters one at a time with AppendChar(), and Dispose() zeroes and frees the buffer, so wrap it in a using block or a try/finally. Two caveats a practitioner should know: the in-memory encryption is Windows-only, and the value is exposed in plain text the moment you marshal it back to a string, so pass the SecureString itself to APIs that accept one (Process.Start, NetworkCredential) instead of converting it; and Microsoft no longer recommends SecureString for new development, so treat it as damage limitation rather than a guarantee.
        using System;
        using System.ComponentModel;
        using System.Diagnostics;
        using System.Security;

        class Program
        {
            static void Main()
            {
                // Instantiate the secure string.
                SecureString securePwd = new SecureString();
                ConsoleKeyInfo key;

                Console.Write("Enter password: ");
                do {
                    key = Console.ReadKey(true);

                    // Accept any printable character (letters, digits, symbols, space);
                    // ignore control keys such as Enter, Backspace or the arrow keys.
                    if (!char.IsControl(key.KeyChar)) {
                        // Append the character to the password.
                        securePwd.AppendChar(key.KeyChar);
                        Console.Write("*");
                    }
                // Exit if Enter key is pressed.
                } while (key.Key != ConsoleKey.Enter);
                Console.WriteLine();
                // Prevent later code from accidentally modifying the password.
                securePwd.MakeReadOnly();

                try {
                    // Start Notepad as MyUser in MYDOMAIN; this overload takes the
                    // SecureString directly and is available on Windows only.
                    Process.Start("Notepad.exe", "MyUser", securePwd, "MYDOMAIN");
                }
                catch (Win32Exception e) {
                    Console.WriteLine(e.Message);
                }
                finally {
                    // Zero and free the unmanaged buffer holding the password.
                    securePwd.Dispose();
                }
            }
        }
What is the best encryption algorithm for our case?
Passwords must never be stored, not even encrypted; store a salted hash produced by a deliberately slow password hashing function instead. Do not use MD5 or SHA-1 (or a single round of any SHA-2 hash): apart from their known weaknesses they are fast, which is exactly the wrong property here, because an attacker who steals the hash table can test billions of guesses per second on a GPU.
At the moment PBKDF2 is still one of the best choices available (bcrypt, scrypt and Argon2id are the other sound options). Whatever you pick, use a random salt of at least 16 bytes per password and an iteration count tuned so that one hash takes a noticeable fraction of a second on your own hardware, and raise it as hardware gets faster.
The ASP.NET Identity framework uses PBKDF2: the current (V3) PasswordHasher format is PBKDF2-HMAC-SHA256 with a 128-bit salt and a 256-bit subkey, and the iteration count is configurable through PasswordHasherOptions.
For other sensitive data that you must be able to decrypt later, use AES, but in an authenticated mode: AES-GCM, or AES-CBC with an HMAC over the ciphertext. Plain CBC lets an attacker flip bits in the plaintext and, given a padding oracle, decrypt it outright. Use a fresh random IV or nonce for every message, and keep in mind that the real problem is securing your keys: a key in source code or in web.config is no protection at all.
You can use a .NET key container for that purpose: a CspParameters with a KeyContainerName persists an RSA key in the Windows CSP key store (per user, or per machine with CspProviderFlags.UseMachineKeyStore), and the private key never has to appear in your configuration. Since a key container holds RSA or DSA keys rather than AES keys, you wrap the AES data key with the container's RSA key and store only the wrapped form. DPAPI through ProtectedData is the simpler alternative on a single Windows box, and on Linux or cloud hosts a key vault or HSM-backed KMS does the same job.
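The following is an added example, not code from the original post: AES-256-GCM for data at rest, with the data key wrapped by an RSA key that lives in a persisted CSP key container, so the only key material on disk is the wrapped blob. It assumes .NET 8 on Windows (the AesGcm(byte[], int) constructor and CSP key containers are not available elsewhere); the container name "MyApp.KeyWrap", the nonce/tag/ciphertext layout and the sample record are my own choices.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example (not from the original post): AES-256-GCM with the key wrapped by an
// RSA key persisted in a CSP key container. Assumes .NET 8 on Windows.
// "MyApp.KeyWrap" is a hypothetical container name.
public static class DataProtector
{
    private const string ContainerName = "MyApp.KeyWrap";
    private static readonly int NonceSize = AesGcm.NonceByteSizes.MaxSize; // 12 bytes
    private static readonly int TagSize = AesGcm.TagByteSizes.MaxSize;     // 16 bytes

    // Opens the persisted RSA key, creating a 2048-bit one on first use.
    private static RSACryptoServiceProvider OpenKeyContainer()
    {
        var csp = new CspParameters
        {
            KeyContainerName = ContainerName,
            Flags = CspProviderFlags.UseMachineKeyStore,
        };
        return new RSACryptoServiceProvider(2048, csp) { PersistKeyInCsp = true };
    }

    // Generates a random AES-256 key and returns it with its RSA-wrapped form for storage.
    public static (byte[] Key, byte[] WrappedKey) NewDataKey()
    {
        byte[] key = RandomNumberGenerator.GetBytes(32);
        using RSACryptoServiceProvider rsa = OpenKeyContainer();
        // The CSP API offers PKCS#1 v1.5 or OAEP (SHA-1) only; fOAEP: true selects OAEP.
        return (key, rsa.Encrypt(key, fOAEP: true));
    }

    public static byte[] UnwrapDataKey(byte[] wrappedKey)
    {
        using RSACryptoServiceProvider rsa = OpenKeyContainer();
        return rsa.Decrypt(wrappedKey, fOAEP: true);
    }

    // Output: nonce || tag || ciphertext. A fresh random nonce per message is mandatory;
    // reusing a nonce under the same key destroys GCM's confidentiality and integrity.
    public static byte[] Encrypt(byte[] key, byte[] plaintext, byte[] associatedData)
    {
        byte[] nonce = RandomNumberGenerator.GetBytes(NonceSize);
        byte[] tag = new byte[TagSize];
        byte[] ciphertext = new byte[plaintext.Length];
        using var aes = new AesGcm(key, TagSize);
        aes.Encrypt(nonce, plaintext, ciphertext, tag, associatedData);

        byte[] blob = new byte[NonceSize + TagSize + ciphertext.Length];
        nonce.CopyTo(blob, 0);
        tag.CopyTo(blob, NonceSize);
        ciphertext.CopyTo(blob, NonceSize + TagSize);
        return blob;
    }

    // Throws CryptographicException if nonce, tag, ciphertext or associated data were
    // modified, so tampering is detected before any plaintext is handed back.
    public static byte[] Decrypt(byte[] key, byte[] blob, byte[] associatedData)
    {
        if (blob.Length < NonceSize + TagSize)
            throw new CryptographicException("Ciphertext blob too short.");
        byte[] nonce = blob[..NonceSize];
        byte[] tag = blob[NonceSize..(NonceSize + TagSize)];
        byte[] ciphertext = blob[(NonceSize + TagSize)..];
        byte[] plaintext = new byte[ciphertext.Length];
        using var aes = new AesGcm(key, TagSize);
        aes.Decrypt(nonce, ciphertext, tag, plaintext, associatedData);
        return plaintext;
    }
}

public static class Program
{
    public static void Main()
    {
        // Provisioning: generate the data key once and keep only the wrapped copy on disk.
        var (key, wrappedKey) = DataProtector.NewDataKey();
        CryptographicOperations.ZeroMemory(key);

        // Run time: unwrap through the key container, then encrypt and decrypt a record.
        byte[] dataKey = DataProtector.UnwrapDataKey(wrappedKey);
        byte[] context = Encoding.UTF8.GetBytes("customer-record:42");      // constructed sample
        byte[] secret = Encoding.UTF8.GetBytes("4111 1111 1111 1111");      // constructed sample
        byte[] blob = DataProtector.Encrypt(dataKey, secret, context);
        Console.WriteLine(Encoding.UTF8.GetString(DataProtector.Decrypt(dataKey, blob, context)));

        // Flip one ciphertext byte: Decrypt now throws instead of returning garbage.
        blob[^1] ^= 0x01;
        try { DataProtector.Decrypt(dataKey, blob, context); }
        catch (CryptographicException) { Console.WriteLine("tamper detected"); }
        CryptographicOperations.ZeroMemory(dataKey);
    }
}
```

The associated data ("customer-record:42" here) is authenticated but not encrypted; binding the record identity to the ciphertext this way means a valid blob copied from one row to another fails to decrypt. The wrapped key can be stored anywhere convenient, because it is only useful to someone who can also open the key container, which is the access control you actually want to reason about.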
