Hi myship,,
For password I suggest[if its in your list of the columns to be secured] don't store it at all, rather store it hash i.e. create a hash of the password when user is creating his A/C or changing a password. When next time request comes generate a hash and match against the hash stored in DB. This is a standard approach used by many sites.
For other data, you can use a modified version of the code shown here : http://stackoverflow.com/questions/165808/simple-2-way-encryption-for-c
Also if you have better control over the site i.e. its your own sever and users are going to be authenticated using Windows Authentication you can always go for Good Old Data Protection API[DPAPI]
http://www.c-sharpcorner.com/UploadFile/mosessaur/dpapiprotecteddataclass01052006142332PM/dpapiprotecteddataclass.aspx
Also you can use SQL 2008 transparent encryption, that you have to read a little bit before you make a call. Here are the links :
http://msdn.microsoft.com/en-us/library/bb934049.aspx
http://edge.technet.com/Media/580/
http://blogs.msdn.com/b/lcris/archive/2007/10/03/sql-server-2008-transparent-data-encryption-feature-a-quick-overview.aspx
Let me know if you have any question/concerns.
Regards,
Chinmay
