How do I manage connection strings and credentials for a DB in C#?

What is the proper way to manage DB connection开发者_JS百科 strings/credentials in a .NET 4/IIS 7 environment? I have a simple development lifecycle, DEV -> TEST -> PROD. I have a sqlexpress DB on my local machine for DEV, a copy of SQL Server 2008 for TEST and another Sql Server 2008 install for PROD.

I'd prefer not to use integrated security. Also, I'd prefer to NOT deploy my credentials or connection string in my web.config file. What's the solution to simplifying the deploy process in a safe and secure manner?

One thing you could do is encrypt the connection string with credentials and store it in the central web.config file on the server so that you don't have to worry about it when deploying. Then locally, on test and on production, the connection string would be available when the app is deployed but handled outside the standard deployment process. Naturally, you would want to use the same connection string name in each location to minimize differences in configuration between environments. I have used this process before and it worked out quite well.

Have a look here.

From ASP.NET 2.0 it provides a feature, called protected configuration, that enables you to encrypt sensitive information in a configuration file. Although primarily designed for ASP.NET, protected configuration can also be used to encrypt configuration file sections in Windows applications. For a detailed description of the new protected configuration capabilities, see Encrypting Configuration Information Using Protected Configuration.