Best practice for connecting to entity SQL DB on Azure from ASP.NET API

Question

I am currently connecting to a SQL db deployed to azure via a connection string in the constructor of my DBContext class, like so :

public class ImageContext : DbContext
{
    public ImageContext() : base("Data Source=tcp:example.database.windows.net,1433;Initial Catalog=example;User Id=exampleacc@example.database.windows.net;Password=example")
    {
    }

    public DbSet<item1> item1 { get; set; }
    public DbSet<item2> item2 { get; set; }

    protected override void OnModelCreating(DbModelBuilder modelBuilder)
    {
        modelBuilder.Conventions.Remove<PluralizingTableNameConvention>();
    }
}

I recognize this as a bad practice because I have my username and password as plain text in the source code. Can someone please point me in the right direction to connect to this DB safely?

There are several best practices but if you want something simple you can put the connection string in a config file. If you want it to be encrypted you can use the following website for info: https://www.codeproject.com/tips/598863/encryptionplusdecryptionplusconnectionplusstringpl — user1628733, Jan 24 '17 at 21:03
Store the connection string in the web.config and encrypt it. http://stackoverflow.com/questions/11637348/encrypt-connection-string-in-app-config — Rick S, Jan 24 '17 at 21:03
Another idea would be to use Azure KeyVault to store the username, password, and/or connection string. — Cameron, Jan 24 '17 at 21:06
Is there any benefit to putting the string into the web.config file without encrypting it? Also a quick idea of how to implement that would be awesome. I've tried before but could not get it to work.. — JakeD, Jan 24 '17 at 21:10

Best practice for connecting to entity SQL DB on Azure from ASP.NET API

0 Answers0