Normal practice is to store connection string(database, excel, etc.) of any web application in web.config file. But on security point…