it's really never a good idea to hard code user names and passwords anywhere in code, not only for security reasons, but your code will break if they ever change or are deleted. If you have to hard code something, I would use the Web.Config file and then encrypt that file when it's time for deployment. If you google web.config encryption you'll come up with an encyclopedia of stuff out there on how to do it.
You don't have to implement a database if you don't need to. As mentioned, you can store a username and password combination in your web.config file, and then encrypt the section so that it is not human readable.
If you provide more details about what exactly you are trying to achieve I am sure we can come up with a solution.