Best practice for storing cross domain web service access credentials?
See the question and my original answer on StackOverflowI suggest you have a look at "Windows Identity Foundation". It may be overkill for you, or the prerequisite may not match, but it's anyway worth reading as its very instructive in terms of claims based architecture with Microsoft technology.
The two principal white papers for developers are: