Tag Archives: ConnectionString

Different ways for setting Connection Strings in Asp.net / Various ways to use Connection Strings

There are various ways to declare and use connections strings like Web.config file, Application variables,Hardcoded strings, components etc.

There are many ways where we can keep the connection strings in web.config file , as it is completely safe.One cant access the web.config file by request from fronend/browser.It is been avoided using IIS.But there can be the case that if the user gets the direct access to Server and can able to see the files and more info.In this case we can use Encryption & descryption facility provided by .Net.

1) First of all & simple is use Connection string using in Web.config we can access the same in code behind C# as follows

string conn = ConfigurationManager.ConnectionStrings[“ConnectionString”].ConnectionString;

quite easy to use !!!!

2) we can also store connectionstrings into .you need to add an AppSettings section, like this one:we can access the same in code behind C# as follows
string connstring = ConfigurationManager.AppSettings[“ConnectionString”];

3) You can keep Connection Settings in web.config file with the protection of Encryption & descryption of particular sections.Then read it in your program and decrypt it before Editing. Check out the encryption/decryption APIs in .net.
e.g. IF we want to encrpt “connectionStrings> section then do the following/write following at command prompt of visual studio-
aspnet_regiis -pe “connectionStrings” -app “/YourApplicationName

The -pe option and the string “connectionStrings” to encrypt the connectionStrings element of the Web.config file for your application.
The -app option and the name of your application.

open web.config then and check the encryption completed !!!

For decryption of the same file
aspnet_regiis -pd “connectionStrings” -app “/YourApplicationName
Detail Reference

4) If we are having multiple connection strings then we can declare them in web.config and for accessing them easily & securily we can create one static class file in App_Code folder. I am explaining it with one sample example.

In the Web.Config –

<add name=”NewConnectionString” connectionString=”Data Source=TestSource;Persist Security Info=True;User ID=username;Password=password;” providerName=”your data provider”/>

Static Class file under App_Code e.g. ConnectionSettings.cs –

public static class ConnectionSettings
public static string ConnectionString

// code for accessing the connection string from web.config we can do it directly or using any other method //depends upon needs
string conn = ConfigurationManager.ConnectionStrings[“ConnectionString”].ConnectionString;

return conn;


Then we can able to access connection string settings as ConnectionSettings.ConnectionString

5) we can also read the connection string in Global.asax and store it in a applictaion level variable. and then we can read connection string from application variable so accessing web.config multiple times while accessing DB can be avoided.
Detail Reference

6)Also Last but not least I read recently that we can also create Dll with all Data Connection and run dotfuscator for more security if we are going to put connection settings part at client side.

There can be many more ways to use it …