When using forms authentication, you can decide where to store credentials for the users. You can store them in a custom file or in a database i.e. credential store. The easiest place to store credentials is directly in the web.config file through the <credentials /> subelement of the <forms /> configuration tag introduced in the article How to configure Forms Authentication in ASP.NET.

<authentication mode=”Forms”>

<!– Detailed configuration options –>

<forms name=”MyCookieName”

loginUrl=”DbLogin.aspx”

timeout=”20″>

<credentials passwordFormat=”Clear”>

<user name=”Admin” password=”(A&3_4**5qW)”/>

<user name=”Tom” password=”YcagWyw”/>

<user name=”Jerry” password=”T@#o$oC”/>

</credentials>

</forms>

</authentication>

 

Note: You can use web.config as a credential store for simple solutions with just a few users only. You can hash password values for credentials stored in the web.config file. Hashing is nothing more than applying one-way encryption to the password. This means the password will be encrypted in a way that it can’t be decrypted anymore.