ROPC: connections strs and includes (#4842)

* ROPC: connections strs and includes

* ROPC: connections strs and includes

* ROPC: connections strs and includes

* ROPC: connections strs and includes

* ROPC: connections strs and includes

* ROPC: connections strs and includes

* ROPC: connections strs and includes

Author: Rick-Anderson

entity-framework/core/includes/managed-identities-test-non-production.md

@@ -0,0 +1,9 @@
+---
+description: A local database that doesn't require the user to be authenticated
+author: rick-anderson
+ms.author: riande
+ms.date: 10/23/2024
+ms.topic: include
+---
+> [!WARNING]
+> This article uses a local database that doesn't require the user to be authenticated. Production apps should use the most secure authentication flow available. For more information on authentication for deployed test and production apps, see [Secure authentication flows](xref:security/index#secure-authentication-flows).

entity-framework/core/miscellaneous/connection-strings.md

@@ -7,20 +7,36 @@ uid: core/miscellaneous/connection-strings
 ---
 # Connection Strings
 
-Most database providers require some form of connection string to connect to the database. Sometimes this connection string contains sensitive information that needs to be protected. You may also need to change the connection string as you move your application between environments, such as development, testing, and production.
+Most database providers require a connection string to connect to the database. The connection string:
+
+* Can contain sensitive information that needs to be protected.
+* May need to change when the app moves to different environments, such as development, testing, and production.
+
+For more information, see [Secure authentication flows](/aspnet/core/security/#secure-authentication-flows)
 
 ## ASP.NET Core
 
-In ASP.NET Core the configuration system is very flexible, and the connection string could be stored in `appsettings.json`, an environment variable, the user secret store, or another configuration source. See the [Configuration section of the ASP.NET Core documentation](/aspnet/core/fundamentals/configuration) for more details.
+The ASP.NET Core configuration can store connection strings with various providers:
+
+* In the `appsettings.Development.json` or `appsettings.json` file.
+* In an environment variable
+* Using the [Secret Manager tool](/aspnet/core/security/app-secrets#secret-manager)
+
+> [!WARNING]
+> Secrets should never be added to configuration files.
 
-For instance, you can use the [Secret Manager tool](/aspnet/core/security/app-secrets#secret-manager) to store your database password and then, in scaffolding, use a connection string that simply consists of `Name=<database-alias>`.
+For example, the [Secret Manager tool](/aspnet/core/security/app-secrets#secret-manager) can store the database password. When scaffolding and using Secret manager, a connection string consists of `Name=<database-alias>`.
+
+See the [Configuration section of the ASP.NET Core documentation](/aspnet/core/fundamentals/configuration) for more information.
 
 ```dotnetcli
 dotnet user-secrets set ConnectionStrings:YourDatabaseAlias "Data Source=(localdb)\MSSQLLocalDB;Initial Catalog=YourDatabase"
 dotnet ef dbcontext scaffold Name=ConnectionStrings:YourDatabaseAlias Microsoft.EntityFrameworkCore.SqlServer
 ```
 
-Or the following example shows the connection string stored in `appsettings.json`.
+[!INCLUDE [managed-identities-test-non-production](~/core/includes/managed-identities-test-non-production.md)]
+
+The following example shows the connection string stored in `appsettings.json`.
 
 ```json
 {
@@ -30,19 +46,19 @@ Or the following example shows the connection string stored in `appsettings.json
 }
 ```
 
-Then the context is typically configured in `Startup.cs` with the connection string being read from configuration. Note the `GetConnectionString()` method looks for a configuration value whose key is `ConnectionStrings:<connection string name>`. You need to import the [Microsoft.Extensions.Configuration](/dotnet/api/microsoft.extensions.configuration) namespace to use this extension method.
+The context is typically configured in `Program.cs` with the connection string being read from configuration. Note the [GetConnectionString](/dotnet/api/microsoft.extensions.configuration.configurationextensions.getconnectionstring) method looks for a configuration value whose key is `ConnectionStrings:<connection string name>`. `GetConnectionString` requires the [Microsoft.Extensions.Configuration](/dotnet/api/microsoft.extensions.configuration) namespace.
 
 ```csharp
-public void ConfigureServices(IServiceCollection services)
-{
-    services.AddDbContext<BloggingContext>(options =>
-        options.UseSqlServer(Configuration.GetConnectionString("BloggingDatabase")));
-}
+var conString = builder.Configuration.GetConnectionString("BloggingContext") ??
+     throw new InvalidOperationException("Connection string 'BloggingContext'" +
+    " not found.");
+builder.Services.AddDbContext<BloggingContext>(options =>
+    options.UseSqlServer(conString));
 ```
 
 ## WinForms & WPF Applications
 
-WinForms, WPF, and ASP.NET 4 applications have a tried and tested connection string pattern. The connection string should be added to your application's App.config file (Web.config if you are using ASP.NET). If your connection string contains sensitive information, such as username and password, you can protect the contents of the configuration file using [Protected Configuration](/dotnet/framework/data/adonet/connection-strings-and-configuration-files#encrypting-configuration-file-sections-using-protected-configuration).
+WinForms, WPF, and ASP.NET 4 applications have a tried and tested connection string pattern. The connection string should be added to your application's `App.config` file, or `Web.config` when using ASP.NET. Connection string containing sensitive information, such as username and password, should protect the contents of the configuration file using [Protected Configuration](/dotnet/framework/data/adonet/connection-strings-and-configuration-files#encrypting-configuration-file-sections-using-protected-configuration).
 
 ```xml
 <?xml version="1.0" encoding="utf-8"?>
@@ -75,7 +91,7 @@ public class BloggingContext : DbContext
 
 ## Universal Windows Platform (UWP)
 
-Connection strings in a UWP application are typically a SQLite connection that just specifies a local filename. They typically do not contain sensitive information, and do not need to be changed as an application is deployed. As such, these connection strings are usually fine to be left in code, as shown below. If you wish to move them out of code then UWP supports the concept of settings, see the [App Settings section of the UWP documentation](/windows/uwp/app-settings/store-and-retrieve-app-data) for details.
+Connection strings in a UWP application are typically a SQLite connection that just specifies a local filename. They typically don't contain sensitive information, and don't need to be changed as an application is deployed. As such, these connection strings are usually fine to be left in code, as shown below. If you wish to move them out of code then UWP supports the concept of settings, see the [App Settings section of the UWP documentation](/windows/uwp/app-settings/store-and-retrieve-app-data) for details.
 
 ```csharp
 public class BloggingContext : DbContext