When using forms authentication, you decide where the users' credentials are stored. You can store them in a custom file or in a database; either one serves as the credential store. The easiest place to store credentials is directly in the web.config file, through the <credentials /> subelement of the <forms /> configuration tag introduced in the article How to configure Forms Authentication in ASP.NET.

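<authentication mode="Forms">
  <!-- Detailed configuration options -->
  <forms name="MyCookieName">
    <!-- Clear-text passwords; a literal "&" in a value must be written as &amp; -->
    <credentials passwordFormat="Clear">
      <user name="Admin" password="(A&amp;3_4**5qW)"/>
      <user name="Tom" password="YcagWyw"/>
      <user name="Jerry" password="T@#o$oC"/>
    </credentials>
  </forms>
</authentication>
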

Note: You can use web.config as a credential store only for simple solutions with just a few users. You can hash the password values of the credentials stored in the web.config file. Hashing is a one-way transformation of the password: the stored value cannot be converted back into the original password.
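
The hashing step from the note, as an added example that is not part of the original article: a small console program that turns the three users of the listing above into a <credentials passwordFormat="SHA1"> block. The names CredentialHasher, HashForConfig and UserElement belong to this example only, and it assumes ASP.NET expects the uppercase hexadecimal SHA-1 digest of the UTF-8 password, the form produced by FormsAuthentication.HashPasswordForStoringInConfigFile.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using System.Xml.Linq;

static class CredentialHasher
{
    // Assumption: passwordFormat="SHA1" stores the uppercase hex SHA-1
    // digest of the UTF-8 encoded password.
    public static string HashForConfig(string password)
    {
        using (SHA1 sha1 = SHA1.Create())
        {
            byte[] digest = sha1.ComputeHash(Encoding.UTF8.GetBytes(password));
            return BitConverter.ToString(digest).Replace("-", "");
        }
    }

    // Builds one <user /> element. XAttribute escapes XML-special characters,
    // so a user name containing "&" or quotes cannot break the config file.
    public static XElement UserElement(string name, string password)
    {
        return new XElement("user",
            new XAttribute("name", name),
            new XAttribute("password", HashForConfig(password)));
    }

    static void Main()
    {
        // Sanity check against the published SHA-1 test vector for "abc".
        if (HashForConfig("abc") != "A9993E364706816ABA3E25717850C26C9CD0D89D")
            throw new InvalidOperationException("SHA-1 self-test failed");

        // The users and clear-text passwords from the listing above.
        var users = new[]
        {
            Tuple.Create("Admin", "(A&3_4**5qW)"),
            Tuple.Create("Tom", "YcagWyw"),
            Tuple.Create("Jerry", "T@#o$oC")
        };

        var credentials = new XElement("credentials",
            new XAttribute("passwordFormat", "SHA1"));
        foreach (var user in users)
            credentials.Add(UserElement(user.Item1, user.Item2));

        // Paste the printed element inside <forms> in place of the clear-text block.
        Console.WriteLine(credentials);
    }
}
```

The digests are unsalted SHA-1, so anyone who can read web.config can still test guessed passwords against them quickly. Treat the file as sensitive and keep this store to the few-user case the note describes.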