The less configuration points you have, the less complex your code will be, and the easier it will be to install and maintain the application. So you probably have more than the connection string in your app.config, distributing it, or creating encryption classes only increases complexity, and you have to keep two separate places for maintenance. Another thing, windows registry is a relatively delicate place, you should not have to worry about it when you connect it, nor when you back up the settings of your production environment, you just have to copy a text file (encrypted or not).
Whether you implement publishing strategies such as Continuous Integration or Continuous Delivery, you realize very clearly the advantage this entails in making a new release available. Since publishing a version should be simple and routine.
This is well discussed here:
link .
If you do not want to use the strategy discussed there, you can simply use the .net encryption tools to generate the encrypted string and save it to a key of the app.config by doing this in your installer and using some reverse encryption algorithm. You do not need to implement this, .NET implements these features since version 2.0 of the framework, just configure .config with a protected session and change your code to something like:
static void ToggleConfigEncryption(string exeConfigName)
{
// Takes the executable file name without the
// .config extension.
try
{
// Open the configuration file and retrieve
// the connectionStrings section.
Configuration config = ConfigurationManager.
OpenExeConfiguration(exeConfigName);
ConnectionStringsSection section =
config.GetSection("connectionStrings")
as ConnectionStringsSection;
if (section.SectionInformation.IsProtected)
{
// Remove encryption.
section.SectionInformation.UnprotectSection();
}
else
{
// Encrypt the section.
section.SectionInformation.ProtectSection(
"DataProtectionConfigurationProvider");
}
// Save the current configuration.
config.Save();
Console.WriteLine("Protected={0}",
section.SectionInformation.IsProtected);
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
}
You can read the detailed instructions (documentation) on how to do this here:
4 "> link