Hi,
If you are talking about logon using ASP.NET forms authentication, the framework already gives you everything you need.
1) If you are storing passwords in a database or config file, you want to hash them.
HashPasswordForStoringInConfigFile() method exists for that if you are implementing forms authentication the old way. If you are using ASP.NET 2.0 membership providers, the passwords are stored as SHA-1 hashes by default, but you can
choose another algorithm.
2) Encrypt and sign your authentication tickets. This is accomplished by
forms protection="All" in your configuration. That and other related topics are covered
here.
3) The transport should use encryption, so that your credentials can't be sniffed by somebody along the way -- if you haven't already, set the web server up to support HTTPS.
