18

Up until now I have been using gitignore to ignore my web.congfig and web.release.config files so that my connections strings (including passwords) do not get stored in the git repository.

This has been fine with changes to the web.config being passed around on encrypted removable media.

BUT I have just started to look at using continuous integration and storing my code on Visual Studio Team Services. For this to work (unless you can suggest a fix) I must have the web.config included as part of the project.

I am hosting the application on a windows server (in-house) with MSSQL DB and a connection to an Oracle DB on different server.

I'm not the most advanced developer but holding my own so far. All support greatly welcomed.

Improve this question
1

5 Answers 5

Reset to default
17

You can achieve that by moving your connection string details to external configuration file. Say you move your connection string to connections.config file

<connectionStrings>  
  <add name="Name"   
   providerName="System.Data.ProviderName"   
   connectionString="Valid Connection String;" />  
</connectionStrings>

Now in web config you can reference this file for connection string as

<?xml version='1.0' encoding='utf-8'?>  
<configuration>  
    <connectionStrings configSource="connections.config"/>  
</configuration>

More detail about external configuration file

After that you can list your connections.config file in gitignore file

Then push to your git repo.

But make sure that your readme file contains necessary settings to apply to make your app working for other developer. As you have moved your connection details to another file other may not be familiar with that approach and may cause some issue.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Thank you, yes this seems to be the best way but I have to exclude the connections.config file from the project else it will require it at build. I've not yet deployed from VSTS but at least it builds successfully.
1

You're right to avoid putting login credentials into the source control repo.

At the same time, even without CI considerations, you've been building a limited history, in that git cannot help you determine what a web.config should look like if you're reproducing the environment of a previous release for some reason (like tracking the origin of a bug).

A typical approach is to store a template for each affected config file. (This is useful not just for values that are sensitive, but also those that might local between environments and/or dev workstations.)

In the simplest case, a developer checks out the code then copies web.config.template (or something like that) to web.config, then edits web.config to insert required values. (You continue telling git to ignore web.config.)

For a CI scenario, you'd like the build process to automate the insertion of values (and error out if it doesn't have appropriate values to insert). For example Maven calls this "resource filtering" - you'd store a "filter" (a file that maps placeholders to actual values) for each environment on the build server, and developers could maintain their own filters for local builds.

(If you don't use a build tool that has this sort of functionality, you could just keep a copy of the web.config available on the build server, but that's error-prone when the web.config should change.)

Improve this answer

1 Comment

With CI would this then not cause issues publishing the files to the server where it always replaces the old Web.config with a newer version (except it will not have the vital info)?
1

Could you simply move your connection string to a new file and ignore that? You could then reference that file using config source?

Outlined here: http://johnatten.com/2014/04/06/asp-net-mvc-keep-private-settings-out-of-source-control/

This keeps your web.config in tact completely, just getting your con string out of the way.

Improve this answer

Comments

0

You can simply move your connection string to a new config file and then reference that file using config source

After that you can publish it to file system -> Go to Visual Studio Tools -> Open Developer Command Prompt in admin mode -> Give command aspnet_regiis -pef "connectionStrings" "Path where your you have published your code" -prov "DataProtectionConfigurationProvider"

You will get encrypted config file from this. That can be read while runtime.

For decryption you can use command: aspnet_regiis -pdf "connectionStrings" "Path where your you have published your code"

Improve this answer

Comments

0

From the docs about Connection Strings, "In ASP.NET Core the configuration system is very flexible, and the connection string could be stored in appsettings.json, an environment variable, the user secret store, or another configuration source."

Configuration in ASP.NET Core details each of these approaches

  • Settings files, such as appsettings.json
  • Environment variables (my personal favorite)
  • Azure Key Vault
  • Azure App Configuration
  • Command-line arguments
  • Custom providers, installed or created
  • Directory files
  • In-memory .NET objects
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.