I need to deploy my MVC (Web api2.0) applications into QA then after passing, into production. My apps access several SQL databases. I cannot set security=integrated in either QA or Production so I set it to False but need to include the UID and Passwords in the web config files. I know I am missing something here but how can I make process more secure and more generic so that I do not need to recompile between Dev - QA - Production and do not need to place the credentials in the web config?
Encrypt them, copy the encryption results in your config, then decrypt. Here's one way to do that:
Encrypt and decrypt a string