asp.net – 对于在Azure部署的Web.config中存储密码的正确程序感

我在Azure上安装MVC 5应用程序时遇到了非常令人沮丧的经历.我一直在阅读以下页面： http://www.asp.net/identity/overview/features-api/best-practices-for-deploying-passwords-and-other-sensitive-data-to-aspnet-and-azure

但是我没想到的是以下内容：

Security Warning: Do not add your secrets .config file to your project or check it into source control. By default,Visual Studio sets the Build Action to Content,which means the file is deployed. For more information see Why don’t all of the files in my project folder get deployed? Although you can use any extension for the secrets .config file,it’s best to keep it .config,as config files are not served by IIS. Notice also that the AppSettingsSecrets.config file is two directory levels up from the web.config file,so it’s completely out of the solution directory. By moving the file out of the solution directory,“git add *” won’t add it to your repository.

和：

Security Warning: Unlike the AppSettingsSecrets.config file,the external connection strings file must be in the same directory as the root web.config file,so you’ll have to take precautions to ensure you don’t check it into your source repository.

问题如下：当我上传带有外部文件的Web.config文件而没有被包含时,我遇到“系统无法找到指定的文件”,所以为了它消失我必须包含.config文件击败微软帖子的目的.

我真的真的不明白.我在Azure的门户中添加了connectionStrings和appSetting的密钥.将我的密码和机密放在网上的正确和安全的方法是什么？我错过了什么？是因为我在调试模式下运行吗？

根据这个：
How can I secure passwords stored inside web.config?

访问Web.config文件没什么好担心的……

但这只是蔑视微软的帖子.

谢谢.