Here's a basic strategy approach.
1. Maintain a cache of authenticated sessions on the Server.
http://msdn2.microsoft.com/en-us/library/6hbbsfk6.aspx
2. Once a client authenticates, slip an entry into the cache and send back a
key value (GUID) which can be used to look up that entry in the cache.
3. On each successive method call, the client submits the key which was
received at the time of the successful login.
You need to decide what is going to be your transport mechanism for
shuttling the key back and forth. Available options are:
Funcitonal return of Login method / Explicit parameter on every method call.
HTTP Session Cookie (marshals automatically)
SOAP Header (marshals automatically)
4. When the user logs out, remove the flag from the cache. The corresponding
session key is no longer valid.
5. Keep in mind that you can specify expiration policies for information in
the cache. If a key arrives and the session is no longer in the cache, you
need to decide what approach to take. The standard approach would be to
force the user to re-authenticate and to create a new session. (GoTo Step
2.)
While the preceding is not a solution per se, I hope that this gives you a
bit of direction. If you have specific questions on any of these issues,
post back and we'll explore further.
Hope this helps,
Joseph Geretz
"JP" <JP@discussions.microsoft.comwrote in message
news:C6**********************************@microsof t.com...
>I have several sets of WS. The application making requests to these
services
must authenticate to the service by sending a UserName and Password
I wanted to set it up so that the parms were based at the WS level at the
time the application created an instance of the service. For example:
WebReference.ServiceName myService = new WebReference.ServiceName
("JP","password");
if this returns a 'ok' status then the app can use the methods in the
service
from this point on, the person can access any method in the service
string Name = myService.GetName("smith");
Basically I want to validate user credentials without having to pass the
username and password as parameters to every method in the service. I only
need to validate once.
I tried specifying the parms at the class level in the WS, but they wont
show up in the intelli-sense when I'm creating an instance.
How can I accomplish this?
--
JP
.NET Software Developer