There are multiple ways to do it. You could prompt the user for the information, store it in the registry (if it's windows), store it elsewhere, ...
However, if you want to pass security audits in your company, you ought to find out what everyone else is doing, and do it the same way (if possible). That way you won't have a username/password sitting out there in a non-standard location ready to bite some poor maintenance programmer at some future time.
When your only tool is a hammer, all problems look like your thumb.