views:

154

answers:

6

What is the difference between storing and reading your application's connection string in the <appSettings> and <connectionStrings> sections of web.config?

+5  A: 

The appSettings section is for application custom values. The connectionStrings section is used explicitly for connection strings that you will use to connect to the database. With the later, you can do this:

ConfigurationManager.ConnectionStrings["YourConnectionString"].ConnectionString;

To read an app setting value, you can do this:

ConfigurationSettings.AppSettings["SomeCustomKey"];
dcp
+8  A: 

.NET gives built-in support for managing a connection string along with a provider if specified in the <connectionStrings> section.

Also, built-in membership and role providers depend on the connection string being present in the proper section.

kbrimington
A: 

Values stored in the ConnectionStrings section also include a provider key/value pair to store the provider name.

Chris McCall
+1  A: 

<connectionStrings> is a designated location for ConnectionStrings, and as such has connectionstring-specific options (such as the provider attribute).

<appSettings> can be used, but is not the expected location--so all programmatic access to retrieve/modify the values must be explicitly done. It's also a generic key/value store--so there is nothing connectionstring specific about it.

STW
A: 

In the documentation: The connectionStrings element specifies a collection of database connection strings, as name/value pairs, for ASP.NET applications and features. In previous versions of ASP.NET, connection strings were stored in the appSettings. In ASP.NET 2.0, features, such as Session, Membership, Personalization, and Role Manager, rely on connection strings that are stored in the connectionStrings element. You can also use the connectionStrings element to store connection strings for your own applications.

So basically, appsettings is for custom and the connectionstrings are used by the framework itself on some occasions.

Alexandre Deschamps
+1  A: 

Connection string encryption

Connection string section is meant to be used for connection strings because some parts of asp.net framework uses them. But even better than that is the built-in support for encrypting these connections and things will keep working.

If you'd try to do the contrary and encrypt connection string in appSettings (which you could of course), you'd have to take care of

  1. encrypting that data and putting it in web.config file
  2. decrypting when using this connection string

.Net provides both out of the box.

Robert Koritnik