Authentication in WCF

I am currently following this scenario

Instead of a Windows Forms client, I have an ASP.NET MVC web app.

I am a little worried about the sending of the username and the password on开发者_JAVA技巧 every call to the Web Service.

That means I will have to carry this information all the time in the session.

Wouldn't that be little security problem ?

Why would you have to carry the credentials all the time in the session? According to the example you're following, they're being set in the proxy (when it's created).

If you're worried about having to cache the credentials for recreating the proxy as needed, then you can cache an instance of ChannelFactory, and then generate new proxies from that instance as needed.

Regardless of what path yout take, the credentials are going to have to be stored somewhere, somehow, unless your application prompts the user for their credentials for every WCF operation.

You can implement WS-Security in your service.

This means you can send user credentials in the header of the message encrypted. Lots of examples out there for this.