One of the primary places that sensitive information is stored in an ASP.NET application is the Web.config file. To help secure information in configuration files, ASP.NET provides a feature called protected configuration, which enables you to encrypt sensitive information in a configuration file. A configuration file that encrypts the connection string values using protected configuration does not show the connection strings in clear text, but instead stores them in encrypted form.

Integrated Security="True" in web.config file during connection string

what is the best way to encrypt or decrypt conn string?

We can encrypt by using the following command aspnet_regiis.exe -pd "connectionStrings" -app "/VIRTUALFOLDER" You can find more options on this in the following MSDN link https://msdn.microsoft.com/en-in/library/bb986792.aspx

dd