What would be the best way to secure .net web services used by a flex application (both desktop and browser) that requires login?
I thought about requesting the user and password in every method of the web service, and having them stored as variables in the flex app, but I don't feel like this is the most elegant way.
suggestions?
thanks
Well, the fast and easy way would present a few options.
On every call pass the username/password via a header, and make it common place to re-validate.
Go with a "session" type setup, have them login once, give them a secure token, and they pass that for the rest of the time.
Those are at least the "fastest" ways of doing this. You have other options as well, but they are not as straight forward. In all of my WS integration processes these are the two most common.