In one of the applications I have been referring to, the Connection String is stored in AppSettings! Till now I have been storing the connection in the <connectionstring/>
element. But what is the correct way?
So my question is, what are the differences between <connectionstrings>
and <appsettings>
in the web.config and are there any specific reasons why I should or should not be storing connection strings in appsettings? Are there any rules / guidelines provided to follow? Or is this completely the choice of the developer?
There is a fundamental difference between connectionString
and appSettings
:
They look for different things. In .NET 2.0 and above:
A connectionString
object is an XML node that has specific attributes to set; and semantically it refers to a database connection string.
For instance, a connectionString
looks like the following:
<connectionStrings>
<clear/>
<add name="LocalSqlServer"
connectionString="Data Source=(local);Initial Catalog=aspnetdb;Integrated Security=True"
providerName="System.Data.SqlClient" />
</connectionStrings>
You'll notice it has a few different attributes:
name
connectionString
: This has a specific string inside of it, it needs an Initial Catalog
, a security mechanism (in this case Integrated Security
providerName
Whereas appSettings
is just a user-defined Key-value pair that allows you to... well... set application settings. It can be anything:
<appSettings>
<add key="Mom" value="Your"/>
<add key="UseCache" value="True"/>
<add key="MapsKey" value="1234567890-AA"/>
<add key="SMTPServer" value="smtp.peterkellner.net"/>
</appSettings>
In many cases, it would just be odd to put the connectionString in a key-value pair like appSettings
(semantically and programmatically). As well as it would make it more difficult to encrypt the connectionString when you need to.
There is more information about this from this blog post.
As far as I know it doesn't make a huge amount of difference, other than it being in the "correct" place - the main advantage of putting connection strings in their own section (you do encrypt your connection strings.. right?) is so you can encrypt that section without encrypting all of the settings you might want to change.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With