Web.config 是正确的选择.如果您担心，可以加密连接字符串.加密Web.config中的连接字符串，ASP.NET已经支持它，看来您已经知道...

Web.config is the right place for this. You can encrypt the connection string if that's a concern for you. Encrypting the connection string in Web.config it's already supported in ASP.NET and it seems that you already know that...

链接以供参考.