You could store the key on secure storage or on a secure device (something like a smart card). It could probably still be compromised if an attacker has access to your server, but it would not be stored in memory (at least not all the time).
It would certainly help in case an attacker dumps your DBs and/or downloads your WebApp.exe