GenerateRandomBytes is considered cryptographically secure whereas System.Random is not.
If it is known that you are preventing duplicate characters, you are actually cutting down the number of possibilities that a brute-force attacker would have to try. Let the randomness do its thing.