Use proper SecureString construction to avoid empty password issues (#417)

src/Microsoft.SqlTools.ServiceLayer/Admin/AdminService.cs

@@ -175,26 +175,23 @@ namespace Microsoft.SqlTools.ServiceLayer.Admin
         internal static DatabaseTaskHelper CreateDatabaseTaskHelper(ConnectionInfo connInfo, bool databaseExists = false)
         {
             XmlDocument xmlDoc = CreateDataContainerDocument(connInfo, databaseExists);
-            char[] passwordArray = connInfo.ConnectionDetails.Password.ToCharArray();
             CDataContainer dataContainer;
 
             // check if the connection is using SQL Auth or Integrated Auth
             if (string.Equals(connInfo.ConnectionDetails.AuthenticationType, "SqlLogin", StringComparison.OrdinalIgnoreCase))
             {
-                unsafe
+                var passwordSecureString = new System.Security.SecureString();
-                {
+                foreach (char c in connInfo.ConnectionDetails.Password) {
-                    fixed (char* passwordPtr = passwordArray)
+                    passwordSecureString.AppendChar(c);
-                    {
+                }
                 dataContainer = new CDataContainer(
                     CDataContainer.ServerType.SQL,
                     connInfo.ConnectionDetails.ServerName,
                     false,
                     connInfo.ConnectionDetails.UserName,
-                            new System.Security.SecureString(passwordPtr, passwordArray.Length),
+                    passwordSecureString,
                     xmlDoc.InnerXml);
             }
-                }
-            }
             else
             {
                 dataContainer = new CDataContainer(