I'm building a system which will use a web layer (ASP.NET MVC) to connect to a service layer which has multiple WCF services hosted in a windows service.
User will login once to the web layer. Then, according to the function he called, a connection will be made to WCF services. I need to use same user in each service for authorizing user, auditing and logging.
What is the best practice for this? Should I save credentials in Session and each time I need to connect to WCF service and pass those credentials to it?