ASP.NET webservice authentication from an iPhone app

I have my iPhone app that calls an ASP.NET Webservice to download "data". Most of this needs to be protected, but currently the webservice that's deployed can be called by anyone who can figure out its URL, thus resulting in a complete loss of security.

The simplest form that I can think of would be for the phone to make a call over HTTPS including the username, password that the user logs in with, with every web service all. And each method will check to see if these credentials are correct be开发者_JAVA百科fore sending data to the user.

But this will result in an additional database call for every request to check if the user is authenticated, which is not very efficient.

So how does one normally go about doing this?

Thanks,

Teja.

Or may be you can use session based web service. You can check the following question and answer. Session Based Webservice

I send the credentials in a soap header. But yes with every call i check the credentials on the database.