If you don’t want your database connection string information hanging around in the configuration file as plain text, you can encrypt it with the aspnet_regiis utility. Here’s how:

Unfortunately the utility is hard coded to modify web.config, so you’ll have to rename your file first.

move MyApplication.exe.config web.config

Run the aspnet_regiis utility and tell it you want to encrypt the connectionStrings configuration section:

aspnet_regiis -pef connectionStrings . -prov DataProtectionConfigurationProvider

Restore your original filename:

move web.config MyApplication.exe.config

If you’re getting a “command not found” error, you’ll have to add the framework binaries to your path. The aspnet_regiis utility is usually located here: