Azure Web API Project Recommended data connection settings using Entity Data Model Wizard

Question

I'm creating an Azure Web API that is connecting to an Azure SQL database. I was about to add the model classes using the Entity Data Model Wizard in Visual Studio when it asks what to do with the connection settings. I do not know what to do from here.

What is the recommended settings I should enter for this page?

I know that the API app settings from the Azure portal contain the connection settings to my database (From the Web app > Settings > Application Settings > Connection String)

Am I supposed to exclude the sensitive data, and somehow reference the connection string name from Azure portal?

And what about the last checkbox - am I supposed to save the connection data to WebConfig?

Answer 1

The security risk in this dialog means the connection string will be put in source code generated by the wizard. Some folks upload their sources to public repository such as GitHub, and it can cause password exposure.

But what about Web.config?

Web.config is dedicated file so that easily be excluded by .gitignore setting.

In short, your screenshot setting is fine to go and please check Web.Config is well ignored when you upload your code to public repository.

Commonly, ASP.NET developers use SlowCheetah plugin which gives separate Web.Debug.Config and Web.Release.Config files and makes Web.Config output along with build configuration.

=EDIT=

For deeper understanding and implementation, please read http://www.asp.net/identity/overview/features-api/best-practices-for-deploying-passwords-and-other-sensitive-data-to-aspnet-and-azure

If you publish your ASP.NET to Azure WebApp, Azure portal gives handy UI to configure in settings. It overrides your Web.Config values. I recommend to use it.

Check out the documentation: https://azure.microsoft.com/en-us/blog/windows-azure-web-sites-how-application-strings-and-connection-strings-work/

You may click Restart button at WebApp after set it up.