I want to keep encrypted connection string and stmp information in the web.config.

can I store Connection String and SMTP information in web.config encrypted and where I need just decrypted and use?

OR

What is the point/event where i can encrypt the Connection String and SMTP and save in the web.config? (and if the changes happen in web.config in that, is existing session expired?)

What is the best solution?

Thanks

It's easy to do with aspnet_regiis.exe- look at the pe/pd/pef and pdf options. You can also do it programmatically. It works by encrypting a specific configuration section. In your case that is the connectionStrings and smtp sections.

You can use either DPAPI or RSA and you can encrypt on either a machine wide basis or on a specific user account.