First, you should never store a password anywhere, ever. This is unsafe. Authentication never needs a password. Isn't this obvious? A hint: you can use a
cryptographic hash function, please see:
http://en.wikipedia.org/wiki/Cryptographic_hash_function[
^].
Compare hash with a hash, never an original form of a password. Nobody should ever know it except the owner of it, the user.
Now, don't use MD5 or SHA-1 algorithms; they are unsafe. For example, use one from SHA-2 family. Please see:
http://en.wikipedia.org/wiki/Md5[
^],
http://en.wikipedia.org/wiki/SHA-1[
^],
http://en.wikipedia.org/wiki/SHA-2[
^].
They are well implemented in .NET, please see:
http://msdn.microsoft.com/en-us/library/system.security.cryptography.hashalgorithm.aspx[
^].
Now, where to store it and the user names? There are no a concept of "global" in .NET (thanks goodness! finally!). You can use the
singleton pattern, please see:
http://en.wikipedia.org/wiki/Singleton_pattern[
^].
A correct .NET implementation is shown here:
http://csharpindepth.com/Articles/General/Singleton.aspx[
^].
—SA