.NET Webservice sessions

I'm having some wonders. How's session based authentication designed for webservices ? Imagine I do have a web solution where peo开发者_开发百科ple can sign up and then log themselves in, then they can do stuff that's processed by webservices (either hosted on the same machine or on a remote server).

I know how to manage sessions after log in on a regular web page, but how is my (remote or local) web service going to know that the user who's triggering it is logged in (in other words, is there a way to pass the session object to a web service in a secure way?)

I can think of simply calling the web service by giving it the session object but It looks kinda weak.

Thanks for your advises guys,

Miloud B.

Web services use http as the underlying protocol, so session state would be handled in a similar way to asp.net. So a cookie would be created containing the session id and this would be passed to and from the web service.

If i have misunderstood let me know a little more info. Cheers Tigger