I have an MMC client that runs on a .NET system and invokes web methods on a server running on a Linux box.

The first task the client needs to do is to perform user login. It prompts the user for username and password.

What is the best way for the client to authenticate the user's credentials? The password cannot be sent as plain text. The web server implements a web method called ValidateUser().

+1  A: 

There isn't really enough information to go on here.

But generally passwords are sent as plain text to these services, but are secured by SSL; it is the job of SSL to secure the password.

The fact that passwords are sent as text is not important, as they are secured by the SSL connection. However, if you are unhappy with that, you can hash the password (with salt) and then pass that to the server and match the stored hash you have in the database. That's pretty much as secure as you can get. I'd recommend a SHA-2 based hash.

krystan honour
Thanks Krystan. That was useful.
Alice Lee
Did it solve your problem?
krystan honour
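
A sketch of the server side of what the answer describes, added here as an example and not part of the original answer: the password reaches ValidateUser() inside the TLS connection and is checked against a stored salted hash. It assumes a Python server, an in-memory user table, and PBKDF2-HMAC-SHA256 as the SHA-2 based hash; `make_record`, `validate_user` and `USERS` are hypothetical names.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256; tune per host


def make_record(password: str, iterations: int = ITERATIONS) -> dict:
    """Create what the server stores: per-user random salt, cost, derived hash."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"salt": salt, "iterations": iterations, "hash": digest}


# Constructed in-memory user table standing in for the server's database.
USERS = {"alice": make_record("correct horse battery staple")}

# Record checked for unknown usernames so both paths do the same amount of work.
_DUMMY = make_record(os.urandom(16).hex())


def validate_user(username: str, password: str) -> bool:
    """Server side of a ValidateUser() call; the password arrived over TLS."""
    record = USERS.get(username)
    known = record is not None
    if not known:
        record = _DUMMY
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), record["salt"], record["iterations"]
    )
    # Constant-time comparison avoids leaking how many leading bytes matched.
    matches = hmac.compare_digest(candidate, record["hash"])
    return known and matches
```

Storing the iteration count with each record lets the work factor be raised later without invalidating existing hashes.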