Securing Webservices : Asmx or WCF


1

I have a web service (asmx) with a few methods. It is currently used by just a couple of clients, and they are flexible. The problem I have is that the service has no security infrastructure in place and virtually anyone can call it. This behavior is not desired. What I want is to put in place some security mechanism for my service so a user can pass login credentials, and I also want the login of a client to be remembered for some time, i.e. I don't have to go to the db for every request. I have gone through this article and it seems good enough to me. The only thing that bugs me is that I have to check the database for user authentication on every request. Is there a way I can override (change) this behavior? I also read a few articles on WSE 3.0, but enabling it in VS 2010 seems a hack and I would rather look for a cleaner alternative. Since my clients are flexible, I can move to WCF as well. If any such thing is available in WCF or ASMX, please guide me in the right direction.

2012-04-04 05:58
by Muhammad Adeel Zahid


2

WSE is obsolete and should not be used unless there are no other choices.

ASMX is a legacy technology and should not be used for new development.

WCF should be used for all new development.

2012-04-04 06:05
by John Saunders
Ok, I got it. But how do I implement security (with remembering the client for some time)? If it is not possible, then suggest any other security alternative. than - Muhammad Adeel Zahid 2012-04-04 06:07
@MuhammadAdeelZahid, Microsoft has a complete guide here, http://wcfsecurity.codeplex.com - Lex Li 2012-04-04 06:18
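
One way to get the behaviour the question asks for in WCF (credentials checked once, then remembered for a while), as an added example that is not part of the original thread or of the linked guide. It assumes username/password credentials with a custom validator; the class name, the `CheckCredentialsInDatabase` hook and the 10-minute lifetime are hypothetical.

```csharp
using System;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Runtime.Caching;
using System.Security.Cryptography;
using System.Text;

public abstract class CachingCredentialValidator : UserNamePasswordValidator
{
    // Assumption: 10 minutes. A changed password or a disabled account stays
    // accepted until the entry expires, so keep this short.
    private static readonly TimeSpan Lifetime = TimeSpan.FromMinutes(10);

    // Random per-process secret: cache keys are HMACs, so the cache holds
    // neither the password nor a hash that could be guessed offline.
    private static readonly byte[] CacheKeySecret = NewSecret();

    // Hypothetical hook: the existing database lookup goes here.
    protected abstract bool CheckCredentialsInDatabase(string userName, string password);

    public override void Validate(string userName, string password)
    {
        if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(password))
            throw new SecurityTokenException("Missing credentials.");

        string key = CacheKeyFor(userName, password);
        if (MemoryCache.Default.Get(key) != null)
            return; // this exact user name and password succeeded recently
        if (!CheckCredentialsInDatabase(userName, password))
            throw new SecurityTokenException("Unknown user name or wrong password.");
        // Only successes are cached; failures always go back to the database.
        MemoryCache.Default.Set(key, true, DateTimeOffset.UtcNow.Add(Lifetime));
    }

    private static string CacheKeyFor(string userName, string password)
    {
        // The length prefix keeps ("ab", "c") and ("a", "bc") from colliding.
        byte[] data = Encoding.UTF8.GetBytes(userName.Length + ":" + userName + password);
        using (var hmac = new HMACSHA256(CacheKeySecret))
            return "cred:" + Convert.ToBase64String(hmac.ComputeHash(data));
    }

    private static byte[] NewSecret()
    {
        var secret = new byte[32];
        new RNGCryptoServiceProvider().GetBytes(secret);
        return secret;
    }
}
```

A concrete subclass is registered on the service behavior with `userNamePasswordValidationMode="Custom"` and `customUserNamePasswordValidatorType`, and the binding must protect the credentials in transit (transport or message security). The project needs references to `System.IdentityModel` and `System.Runtime.Caching`.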