This might be a duplicate (question) but I am looking specifically for the .NET best practice.
How to store database connection strings, username and password etc. in a safe way? Is an encrypted app.config best in most cases?
I would also like to be able to set the password in the config file and then have it encrypted as soon as the application starts. (I am not asking for a solution as I have solved this before, I’m just looking for best practise(s)).
I’m also interested in alternative solutions that you have good experiences with.
I think the best practice is to use integrated security if possible, for 2 reasons… It is the easiest solution to manage and it is the easiest solution to get right.
If for some reason you can’t use integrated security and you have to use username and password encrypt them using something like the Enterprise Library‘s Config Manager to encrypt sections of your web.config.