I am developing a WCF based ERP application. My service is using Per Call instance mode and Concurrency mode Multiple.
I am using custom UserName/Password validator for authentication. Since for Per Call services, services instance is created for each call,
I am not sure how to deal with the authentication.
Is it the correct approach to send user name and password with each service request and validate
on the server side?
If so, at the client side, should we store the user name and password entered by the user?
If there are any better ways of doing user name/password based authentication, please let me know.
