.Net Encryption

Question

What I would like to know is the definite approach to encrypting connection strings in a config file. Here are my questions:

1. Using machine-level encryption,

Answer 1

Storing secrets with a symmetric encryption is always problematic as long as you do not want to promt for a password or use another technical solution to decrypt your secret (like special hardware). When you have to store the complete key anywhere on the system there will be a way for other people to retrieve it.

I would definitely try to use the operating system's mechanism. When you work in a pure windows environment with MS-SQL you should use the integrated security instead of user/password. Other databases might have similar capabilities, too.
Another (weaker) option is to secure the cleartext file with the security settings of the operating system - only the user gets access to the file. However you and your users have to trust the administrators. In this case you should use symmetric encryption in addition. But see my first arguments - it will not be really secure.