In my application I have to do repeated calls to webservices which require authentification. The users do not want to repeatedly enter authentification information (username and password).

Is there an secure way to store the password at least for the length of the session the application is running, so the user has to enter the data only once?

At the moment I hold the password in memory and encrypt it after entering and decrypt it when it is used for the service call. But I feel somewhat uncomfortable with it. Is this a recommend way to handle that kind of data?

What about storing a password in a database to use it in multiple sessions? Is there an recommend way of handling that? I heard of bcrypt and pbkdf2. But they are just for hashing purposes and to compare an entered password against, not to use the "decrypted" password again.

Or would it be a better approach to use an external password cache, like keepass (or whatever there can be used).

For in-memory storage, use SecureString class or NetworkCredentials, that uses SecureString internally.

For persistent storage, encrypt the password using Data Protection API. It will encrypt it with the key that is only accessible to current windows user on this computer.