ASP.NET Core: Where to place Connection String for Production
Question
ASP.Net Core, using version 5.0.100, and I am trying to publish my web application to a hosting provider. I am trying to figure out where to place my connection string. As of right now I have it inside appsetting.json .
"ConnectionString": {
"default": "data source=.; database= myDataBase; user id = sa; password = myPassw0rd",
}
Is this bad practice? I am worried that someone may find the connection string and hack the website. Thank you in advance!
2 answers
solution1
2 2020-12-20 01:42:59
There are several places you can put your connection string:
- Settings files, such as appsettings.json
- Environment variables
- Azure Key Vault
- Azure App Configuration
- Command-line arguments
- Custom providers, installed or created
- Directory files
- In-memory .NET objects
See the documentation for Configuration in ASP.NET Core for configuration for all of the above. Each option carries different kinds of risk, so you'll need to evaluate which one makes the most sense for your use case.
solution2
1 2020-12-20 02:23:26
It's good that you're questioning how to best manage connection strings. Storing credentials in any configuration file like appsettings.json and web.config is a bad idea. There are a number of ways to protect your secrets. It really comes down to your specific use case. My preferred method is using Application Pool Identities. Here aa few resources to get you started.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.