In ASP.NET 1.x, encrypting database connection strings and other sensitive bits of information was typically done by storing encrypted data in a registry setting, as discussed in How To: Store an Encrypted Connection String in the Registry. This approach, however, required you to write a lot of code. You needed to write code to encrypt the connection string and slap it in the registry, and then, whenever you needed to access the protected setting, you'd need to write more code to pull it out of the registry and decrypt it.
Thankfully with ASP.NET 2.0 protecting configuration settings is much easier. The .NET Framework now ships with configuration-related classes that allow you to encrypt portions of your configuration files in just a few lines of code, as well as a command-line tool (aspnet_regiis.exe) for doing to same but without needing to author any code. And once encrypted, no code is needed to decrypt the values. You can just access them using the exact same code from your ASP.NET pages regardless of whether the underlying data is encrypted or in plain-text. Furthermore, the ASP.NET 2.0 protected settings system uses the provider model, so you can either use the DPAPI or RSA encryption routines that ship with the .NET Framework, or you can create your own provider to take advantage of a different encryption algorithm. (It really is surprisingly easy to go from an unencrypted Web.config file to one that has protected <connectionStrings> and <appSettings> sections...)
My latest 4Guys article, Encrypting Configuration Information in ASP.NET 2.0 Applications, looks at how to encrypt configuration settings as well as the different encryption options.