Secure ConnectionString in WinForm Applications

How can I protect my ConnectionString in a WinForm application?

+6
3 answers

You cannot. Although you can encrypt the connection string in the app.config file, the application should be able to decrypt it, and therefore you can always get an unencrypted connection string, especially with a managed application (maybe not for your regular end user, but any experienced developer can do this).

The solution to this is not to rely on the safety of obscurity. Use Windows Integrated Security when connecting to a database using a Windows user account and granting the user the minimum amount of rights in the database.

Often this is not enough because it is very difficult to provide a sufficient database when end users are directly connected to the database (often because you need row-level security). To do this, you need to deny access to tables and views and completely return to stored procedures.

However, the best approach is to prevent the application from directly accessing the database; use the web service as an intermediate layer. In this case, you have full control over security, and you can safely store the connection string on the web server.

+19
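
The setup this answer recommends (Windows Integrated Security, minimum rights, no table access, stored procedures only), sketched in T-SQL as an added example that is not part of the original answer. It assumes SQL Server; the domain group, database, table, column and procedure names are constructed for illustration.

```sql
-- Assumed (constructed) names: Windows group CONTOSO\OrdersAppUsers,
-- database OrdersDb, table dbo.Orders with an OwnerLogin column.
-- The client connection string then carries no secret at all, e.g.:
--   Server=dbhost;Database=OrdersDb;Integrated Security=SSPI;

USE master;
CREATE LOGIN [CONTOSO\OrdersAppUsers] FROM WINDOWS;
GO

USE OrdersDb;
GO
CREATE USER [CONTOSO\OrdersAppUsers] FOR LOGIN [CONTOSO\OrdersAppUsers];
CREATE ROLE app_exec;
ALTER ROLE app_exec ADD MEMBER [CONTOSO\OrdersAppUsers];
GO

-- End users get no direct access to the table, so an ad hoc query tool
-- opened with the same Windows account cannot read or change rows.
DENY SELECT, INSERT, UPDATE, DELETE ON dbo.Orders TO app_exec;
GO

-- Row-level filtering lives inside the procedure. The procedure and the
-- table are both owned by dbo, so ownership chaining lets the SELECT run
-- even though the caller is denied on the table itself.
CREATE PROCEDURE dbo.GetMyOrders
AS
BEGIN
    SET NOCOUNT ON;
    SELECT OrderId, CreatedAt, Total
    FROM dbo.Orders
    -- SUSER_SNAME() returns the individual caller's Windows login,
    -- even when access was granted through a group.
    WHERE OwnerLogin = SUSER_SNAME();
END;
GO

-- The only permission the application's users hold.
GRANT EXECUTE ON dbo.GetMyOrders TO app_exec;
GO
```

Ownership chaining does not cover dynamic SQL, so a procedure that builds and executes a query string would hit the DENY on the table.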

Much has been set here ...

Encryption of sections and/or parameters in the App.config file to be redistributed

There was never a final answer ... it seems like this is one of those “like it is” scenarios ... use what works best for your situation.

0

Source: https://habr.com/ru/post/895319/