I'm using ASP.NET MVC2 which request methods from Web-service (My all DAO place in Web-service). For Web-service using Basic Authentication. For authentication from asp.net to web-service, I use FormsAuthentication. For this I was write WebServiceMembershipProvider inheritance from MembershipProvider. In method ValidateUser I connect to Web-service and if authentication was successfully - save ticket in cookies use FormsAuthentication.SetAuthCookie.
My question: where I must store username and password after validation: Cookies, Session or other? I need stored username and password for send it to Web-service before call methods in Credentials, for example:
MyServiceSoapClient client = new MyServiceSoapClient();
client.ClientCredentials.UserName.UserName = this.username;
client.ClientCredentials.UserName.Password = this.password;
List<Product> products = client.GetProductList();