Where should the production and staging connection strings be stored in an ASP.NET Core application, when deploying into IIS 7 (not Azure) ?
I am looking for the recommended way of doing it / best-practice, especially security-wise.
The best way to secure the database connection string is to encrypt the value within the configuration file. The application would then load the encrypted value from the config file, decrypt the value, and then use the decrypted value as the connection string to connect to the database.
Configuration information for ASP.NET applications is commonly stored in an XML file named Web. config .
In ASP.NET 5 it's possible to specify multiple configuration sources. Thanks to this welcoming change to previous model you can store your development connection string in simple json file, and your staging and production connection string in environment variables directly on the respective servers.
If you configure your app like this :
var config = new Configuration()
.AddJsonFile("config.json")
.AddEnvironmentVariables();
and there is connection string in both config.json and environment variable then environment source will win.
So, store your development connection string in config.json(and freely check in in source control) and production one in environment variable. More info here and here.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With