Best way to store database passwords

[bri189a]

This is my first ASP.NET project... what is the best way to save user id and passwords for you database... the anyonomous user I guess would be hard coded in on the page itself, he/she would only have read permissions - is that the best way? But the admin, after he logs on should I store his user name and password in a cookie, session variable, or make it part of the ViewState object? What's the best practice?

Thanks.

 

[PlausiblyDamp]

Storing usernames in the DB is ok, storing passwords is generally a bad idea - it is much better to hash the password and store the hash value. When somebody logs on you hash the password they enter and compare this with the hashed value in the DB. This way no plaintext passwords are stored and neither are the hashes reversible (i.e. you can't get a password back from a hash).
If you are going to be authenticating users etc you probably want to look at Forms Authentication in .Net - it takes care of quite a bit of the hard work (like cookies etc)