Web.config connection string encryption and deployment

Occasional Visitor

Hi everyone,

I just want to get confirmation on two basic matters:

- Connection string encryption in the web.config and

- Deployment configuration to deploy a web application when the web.config needs to be encrypted


1. For Asp.Net applications, is still using the aspnet_regiis method, the best one to encrypt your connection strings in the web.config?

2. What about asp.net core? is it the same or may it differ? 

3. When deploying this asp.net web application to IIS using DevOps pipelines, what is the suggested method? should we just add the encrypted connection string as a deployment variable that we replace depending on the environment? (there would be one value for TEST, UAT and PROD, all different).



1 Reply

Hi @JaiNet2022,

Thanks for posting your issue here.

However this platform is used for how-to discussions and sharing best practices for building any app with .NET.Since your issue is a technical question, welcome to post it in Microsoft Q&A forum, the support team and communities on Microsoft Q&A will help you for any technical questions.
Besides, it will be appreciated if you can share it here once you post this technical question Microsoft Q&A.
Best Regards,
Lan Huang