When using forms authentication, you can decide where to store credentials for the users. You can store them in a custom file or in a database i.e. credential store. The easiest place to store credentials is directly in the web.config file through the <credentials /> subelement of the <forms /> configuration tag introduced in the article How to configure Forms Authentication in ASP.NET.
<authentication mode=”Forms”>
<!– Detailed configuration options –>
<forms name=”MyCookieName”
loginUrl=”DbLogin.aspx”
timeout=”20″>
<credentials passwordFormat=”Clear”>
<user name=”Admin” password=”(A&3_4**5qW)”/>
<user name=”Tom” password=”YcagWyw”/>
<user name=”Jerry” password=”T@#o$oC”/>
</credentials>
</forms>
</authentication>
Note: You can use web.config as a credential store for simple solutions with just a few users only. You can hash password values for credentials stored in the web.config file. Hashing is nothing more than applying one-way encryption to the password. This means the password will be encrypted in a way that it can’t be decrypted anymore.