Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Where should I store the connection string for the production environment of my ASP.NET Core app?

Where should the production and staging connection strings be stored in an ASP.NET Core application, when deploying into IIS 7 (not Azure) ?

I am looking for the recommended way of doing it / best-practice, especially security-wise.

like image 540
Daniel Avatar asked Jul 15 '15 09:07

Daniel


People also ask

Where should I save connection string?

The best way to secure the database connection string is to encrypt the value within the configuration file. The application would then load the encrypted value from the config file, decrypt the value, and then use the decrypted value as the connection string to connect to the database.

Which file stores connection settings of ASP.NET application?

Configuration information for ASP.NET applications is commonly stored in an XML file named Web. config .


1 Answers

In ASP.NET 5 it's possible to specify multiple configuration sources. Thanks to this welcoming change to previous model you can store your development connection string in simple json file, and your staging and production connection string in environment variables directly on the respective servers.

If you configure your app like this :

var config = new Configuration()
.AddJsonFile("config.json")
.AddEnvironmentVariables();

and there is connection string in both config.json and environment variable then environment source will win.

So, store your development connection string in config.json(and freely check in in source control) and production one in environment variable. More info here and here.

like image 97
Marko M. Avatar answered Oct 15 '22 13:10

Marko M.