WCF Emulate the Salesforce.com login service

How would I accomplish what Salesforce.com does for logging in with WCF? I would like to have an authentication service that returns a token on a correct login. Then, each set of service calls would pass the token back. I don't want to pass the token on each method call.

What is throwing me is how the session header is part of the binding.

I am also looking for why this is or isn't a good idea. I think it is clean and simple.

Thanks!

 // Create service object   

  binding = new SforceService(); 
  // Invoke the login call and save results in LoginResult   

  LoginResult lr = binding.login("username","password"); 
  if (!lr.passwordExpired) {
  // Reset the SOAP endpoint to the returned server URL   

  binding.Url = lr.serverUrl; 
  // Create a new session header object   

  // Add the s开发者_StackOverflow社区ession ID returned from the login   

  binding.SessionHeaderValue = new SessionHeader(); 
  binding.SessionHeaderValue.sessionId = lr.sessionId; 
  GetUserInfoResult userInfo = lr.userInfo; 
  } else {
    Console.WriteLine("Your password is expired.");
  }

I believe you are looking to leverage the Windows Identity Foundation and it's Security Token Service / STS model.