21

I am working on a asp.net mvc web application that perform some API calls to other web applications. but currently I am storing the API username, API password and API URL inside my code. As follow:-

using (var client = new WebClient())
                {
                    //  client.Headers[HttpRequestHeader.Accept] = "AddAsset";
                    var query = HttpUtility.ParseQueryString(string.Empty);
                    foreach (string key in formValues)
                    {
                        query[key] = this.Request.Form[key];
                    }

                    query["username"] = "testuser";
                    query["password"] = "……";
                    query["assetType"] = "Rack";
                    query["operation"] = "AddAsset";
var url = new UriBuilder("http://win-spdev:8400/servlets/AssetServlet");
                    url.Query = query.ToString();
                    try
                    {

But storing these setting inside my code will not be flexible in case I need to change the API call settings, and it is not secure. So what is the best way to store these setting . I was thinking to create two database tables one for storing the URL(and there might be multiple URLs sin the future). And another table to store the username and password. So is creating database tables the right way to store these settings.

Improve this question
1
  • 2
    You could store them in your web.config file. You could also encrypt those settings that require security. Commented Aug 4, 2013 at 15:52

1 Answer 1

Reset to default
40

2022 UPDATE: Now in .NET Core you should use the new Configuration API (appSettings.json or other providers / IConfiguration class injected into your classes/controllers), but the same principles apply. Read more about .NET Core configuration here.

You should use the Web.Config file (Configuration API) to store these settings. This way you will be able to update settings without having to recompile your entire application every time. That's the most standard way to store settings in a Web (MVC or WebForms) application, and gives you the possibility to encrypt sensitive settings transparently to your application.

You can access stored settings using the WebConfigurationManager class. Here you can find some examples of how to use it.

Code sample:

Web.config appSettings:

<appSettings>
    <add key="ApiUserName" value="MySampleUsername" />
</appSettings>

C# Code:

string userName = System.Web.Configuration.WebConfigurationManager.AppSettings["ApiUserName"];
Improve this answer
Sign up to request clarification or add additional context in comments.

9 Comments

so i have to manually add them to my web.config file?. but how i can retrieve them , and how i can encrypt then decrypt sensitive data ?
You can retreive them by using: ConfigurationManager.AppSettings["Username"] for example
@johnG I updated my answer with some references that will be useful for you.
Is there any documentation to specifically show that the Web.config will not be recompiled? This is important to me.
@IssaFram I'm answering this just for others sake. When you update your web config file it recycles the app pool in iis, this resets your cache, restarts the app, etc. but it does not recompile the application, because it doesn't touch any dlls, it merely modifies a file that iis reads.
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.