performing authorisation/authentication between webservices

i am developing webservices.In that i want to maintain state information so that all WebMethods could be access only after Login. I have tried but getting problem. I am attaching my code. Any other alternative will also be welcomed.

---

[

WebService(Namespace = "http://amSubfah.org/")]

[

WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)]

// To allow this Web Service to be called from script, using ASP.NET AJAX, uncomment the following line.

// [System.Web.Script.Services.ScriptService]

public

class Login : System.Web.Services.WebService {

Message msgObj = new Message();

BaseClass b = new BaseClass();

PasswordEncryptionDecryption pedObj = new PasswordEncryptionDecryption();

public AuthHeader Authentication=new AuthHeader ();

public Login () {

//Uncomment the following line if using designed components

//InitializeComponent();

}

[

SoapHeader("Authentication", Required = true)]

[System.Web.Services.

WebMethod(EnableSession = true)]

public string checkUserLogin(string user, string pwd)

{

DataSet dsLogin = new DataSet();

List sqlParams = new List();

SqlParameter sqlParam1 = new SqlParameter("@UserName", SqlDbType.NVarChar);

sqlParam1.Value = user;

sqlParams.Add(sqlParam1);

SqlParameter sqlParam2 = new SqlParameter("@Password", SqlDbType.NVarChar);

string pass = pedObj.encryptPassword(pwd);

sqlParam2.Value = pass;

sqlParams.Add(sqlParam2);

try

{

b.initializeDBConnection();

dsLogin = b.execSelectLoginQuery(

Query.strSelectLoginData, sqlParams);

}

catch (SqlException sqlEx)

{

string str = msgObj.msgErrorMessage + sqlEx.Message + sqlEx.StackTrace;

}

{if ((dsLogin != null) && (dsLogin.Tables[0].Rows.Count != 0))

{

Session[

"username"] = user;

string sessionId = System.Guid.NewGuid().ToString();

Authentication.sessionId = sessionId;

Authentication.Username = user;

return msgObj.msgLoginSuccess;

}

else

return msgObj .msgLoginFail ;

}

//webmethod for registration

[

SoapHeader("Authentication", Required = true)]

[System .Web .Services .

WebMethod (EnableSession =true )]

public string insertRegistrationDetails(string fName,string lName,string email,string pwd)

{

//string u = Session["username"].ToString();

//if (u == "")

//{

// //checkUserLogin(fName,pwd );

// return "Please login first";

//}

if (Authentication.Username == null || Authentication.sessionId == null)

{

return "Please Login first";

}

List sqlParams = new List();

int insert = 0;

string msg = "" ;

SqlParameter sqlParam = new SqlParameter("@FName", SqlDbType.NVarChar);

sqlParam.Value = fName;

sqlParam.Size = 50;

sqlParams.Add(sqlParam);

SqlParameter sqlParam1 = new SqlParameter("@LName", SqlDbType.NVarChar);

sqlParam1.Value = lName;

sqlParam1.Size = 50;

sqlParams.Add(sqlParam1);

SqlParameter sqlParam5 = new SqlParameter("@Email", SqlDbType.NVarChar);

sqlParam5.Value = email;

sqlParam5.Size = 50;

sqlParams.Add(sqlParam5);

SqlParameter sqlParam7 = new SqlParameter("@Password", SqlDbType.NVarChar);

sqlParam7.Value = pedObj .encryptPassword (pwd);

sqlParam7.Size = 50;

sqlParams.Add(sqlParam7);

try

{

b.initializeDBConnection();

insert = b.execByKeyParams(

Query.strInsertIntoRegistrationTable1, sqlParams);

if (insert !=0)

{

msg = msgObj .msgRecInsertedSuccess ;

}

}

catch (SqlException sqlEx)

{

string str = msgObj.msgErrorMessage + sqlEx.Message + sqlEx.StackTrace;

}

return msg;

}

public class AuthHeader : SoapHeader

{

public string Username;

public string sessionId;

}

}