WCF sessions or pass username/password per call?

Question

For an enterprise type WCF service, where potentially 10K\'s of thousands of clients will be authenticating and sending data to central servers, what is \'best\' practice when i

Answer 1

WCF does support sessions yes; but they are not like ASP.NET sessions. Sessions are there to deliver messages in order (and other bits and bobs), they are not there to add shared storage between calls.

For authenticated service calls you should send your authentication details every time; security is applied on a per message basis.