If you're concerned about keeping critical information in your Web.config file, then you should encrypt it -- or at least the parts that you're concerned about.

Practical ASP.NET Managing Web.Config Settings During Deployment Moving from a test to a production environment can be tricky. Here's where the Web Deployment Projects add-on comes in handy. By Peter ...

An additional problem is that Web.config files were designed to be changed at any time, even after the Web-based applications are in production.

Likewise, the Machine.config system file provides ASP.NET configuration settings for the entire Web server and forms the base settings for Web.config files used within an ASP.NET application ...

A major area where security is often lax is the web.config file. Usually stored in plain text, an intruder who gains access to this file can then easily access databases and other resources both ...

Tweaking the settings in your configuration files in ASP.Net can provide a nice performance boost. These files include machine.config and web.config. The web.config file is application-specific ...

However, even the most meticulous and security-aware C# or VB.NET code can still be vulnerable to attack if you neglect to secure the Web.config configuration files of your application.

Likewise, the Machine.config system file provides ASP.NET configuration settings for the entire Web server and forms the base settings for Web.config files used within an ASP.NET application ...

Can you put the various environment keys into their own .config file, and then include that file in the main web.config? Then you can just add in the correct .config in your build/install scripts.

So the customer has some funtionality governed by .Net in their web application. We've been seeing some issues with this function in which periodically the end user gets a session timeout.One of ...