The default configuration mechanism built into .NET Core and leveraging appsettings.json should be used for most all scenarios. Along with appsettings.json, each environment should have a unique appsetting.[environment].json file.
The web server will be configured to use the appropriate appsettings file for each environment.
For more information about .NET Core Configuration, visit https://docs.microsoft.com/en-us/aspnet/core/fundamentals/configuration/
Usernames and passwords should not be stored in configuration files and persisted to source control.
If usernames and passwords must be used, they can be set in several ways including leveraging Azure App Configuration, Azure KeyVault, or overriding configuration with Azure App Services configuration.
PREVIOUS: Authentication and Authorization
Solution Architecture Guidance