Using XML Application Configuration Files

You can use the <appSettings> element to store a database connection string in the custom settings section of an application configuration file. This element supports arbitrary key-value pairs, as illustrated in the following fragment:

<configuration>
 <appSettings>
  <add key="Shashi"
     value="server=(local);Integrated Security=SSPI;database=Nic"/>
 </appSettings>
</configuration>
  

Note   The <appSettings> element appears under the <configuration> element and not directly under <system.web>.


Advantages

  • Ease of deployment. The connection string is deployed along with the configuration file through regular .NET xcopy deployment.
  • Ease of programmatic access. The AppSettings property of the ConfigurationSettings class makes reading the configured database connection string an easy task at run time.
  • Support of dynamic update (ASP.NET only). If an administrator updates the connection string in a Web.config file, the change will be picked up the next time the string is accessed, which for a stateless component is likely to be the next time a client uses the component to make a data access request.

Disadvantages

  • Security. Although the ASP.NET Internet Server Application Programming Interface (ISAPI) dynamic-link library (DLL) prevents clients from directly accessing files with a .config file extension and NTFS permissions can be used to further restrict access, you might still want to avoid storing these details in clear text on a front-end Web server. For added security, store the connection string in encrypted format in the configuration file.

More Information

  • You can retrieve custom application settings by using the static AppSettings property of the System.Configuration.ConfigurationSettings class. This is shown in the following code fragment, which assumes the previously illustrated custom key called DBConnStr:
    using System.Configuration; private string GetDBaseConnectionString() { return ConfigurationSettings.AppSettings["Shashi"]; }