I am in the planning stages of a .NET desktop app that will communicate with a web service. The web service requires a username and password, and a common feature in this sort of app is to save the user's credentials for the next logon (just a simple 'log me in automatically' checkbox).
I've thought of a few ways of achieving this, but I am not sure what the most secure way would be. Should it be stored encrypted in a file (and could someone nefarious copy that file to their own machine and hence logon as the original person), or in the registry somehow (I've not done any registry work before, is it secure and would it work)? Are there any other options I might not have thought of?
(Edit to clarify: The application will be available on the internet, so users will be running this on their own machines - while I understand there's a certain cutoff point in terms of security since I can't insist people use firewalls and anti-malware programs, I want to make it at least a little difficult for someone to gain unauthorised access.)