asp.net security web.config-transform

Programmatically changing the connection string in web.config file


In my ASP.NET application, when the application is launched for the first time, if no database connection has been provided, it redirects to a separate page that asks for the database details. If they provide valid details, we have to create the new database and need to use that connection string throughout the application.

Here is my scenario: after creating the database I stored the connection string in the web.config file programmatically, but when I try to reuse the connection string it shows an empty string.

I came to know that the web.config file only gives the values that we provide at compile time. To overcome this situation I went for XML files to store the connection string, which is not a secure way to store sensitive information, because my application should have the capability to change the connection string from the front end.

My questions are:

  1. Is there any way to store the connection string securely, and also to have it change dynamically if it is changed from the application?
  2. I can access my XML file through the browser and can view all connection details. How can I restrict access to the XML file from the URL?

Any other better solution is appreciated.


Solution

  • 1) Is there any way to store the connection string securely, and also to have it change dynamically if it is changed from the application?

    Why not store the connection string encrypted? The connection string is just a string, so you could store it in XML or even another database. You will need to make your code read this as the connection string rather than one from web.config. There is no requirement for an ASP.NET application to read connection strings from web.config.

    2) I can access my XML file through the browser and can view all connection details. How can I restrict access to the XML file from the URL?

    Store your file within /App_Data - this is a specially protected .NET folder that does not allow access via the web server. i.e. http://www.example.com/App_Data/foo.xml cannot be read.
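
An added example, not part of the original answer: one way to combine both suggestions, keeping the connection string encrypted in a file under `~/App_Data` and reading it back at run time. It assumes ASP.NET 4.5 or later (for `MachineKey.Protect`); the class name, file name and purpose string are hypothetical.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;
using System.Web.Hosting;
using System.Web.Security;

// Hypothetical helper: class name, file name and purpose string are assumptions.
public static class ConnectionStringStore
{
    // Binds the ciphertext to this use, so a blob protected for another
    // purpose (for example a forms ticket) cannot be swapped in.
    private const string Purpose = "ConnectionStringStore.v1";

    // App_Data is not served by ASP.NET, so the file has no reachable URL.
    private static string FilePath
    {
        get { return HostingEnvironment.MapPath("~/App_Data/connection.bin"); }
    }

    // False on first launch: the caller redirects to the setup page.
    public static bool IsConfigured
    {
        get { return File.Exists(FilePath); }
    }

    // Called by the setup page after the entered details have been validated.
    public static void Save(string connectionString)
    {
        if (string.IsNullOrWhiteSpace(connectionString))
            throw new ArgumentException("Connection string is empty.", "connectionString");

        byte[] plain = Encoding.UTF8.GetBytes(connectionString);
        // Encrypts and signs with the application's <machineKey>.
        byte[] protectedBytes = MachineKey.Protect(plain, Purpose);
        File.WriteAllBytes(FilePath, protectedBytes);
    }

    // Returns null when nothing is stored yet or the file fails verification.
    public static string Load()
    {
        if (!IsConfigured) return null;
        try
        {
            byte[] plain = MachineKey.Unprotect(File.ReadAllBytes(FilePath), Purpose);
            return Encoding.UTF8.GetString(plain);
        }
        catch (CryptographicException)
        {
            return null; // file was modified, or the machine key changed
        }
    }
}
```

The application pool identity needs write permission on `App_Data`, and on a web farm every node needs the same `<machineKey>` for `Unprotect` to succeed.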