Does anyone know of any best practices or 'standard' techniques for implementing authentication between a silverlight client and WCF services WITHOUT using either RIA Services or ASP.Net authentication & cookies.
My current best option seems to be to add additional message headers to each call and authenticate the user with each call. Any other ideas?
Authenticating with each call is a good technique for scalable solutions. One method you could look into is, one which many including some amazon web services and the likes of Ebay I think which is HMAC (Hash Message Authentication Code)
Andrew
You need to send information with each call.
You must however make sure that the information cannot be read for example by using SSL.
You can use the username/credential over HTTPS from SL3: http://msdn.microsoft.com/en-us/library/dd833059%28VS.95%29.aspx