I added a new asp.net project which only hosts (Classic) WebServices on top of my MVC app.

The Web Service calls the Biz Objects which are located in Biz Layer Dlls.

WebService clients are just like the regular users, they have to be authenticated and authorized per operations.

I am using a SOAP authentication token to validate the user upon first call, then passing that token around per following calls.

BizObjects access the IUserSessionManager to get the authorized user, and then call the authorize the user per request. This was pretty easy with the MVC app and the Windows app that the BusinessObjects are called from.
So how do I store user info in the following system where my BusinessObjects can retrieve them from. (This might be easy for you but I am not comfortable working with Web Services)

public class XyzUserSessionManager
{
    private static IXyzUserSessionManager _instance;
    public static IXyzUserSessionManager UserSessionManager
    {
        get { return _instance; }
        set { _instance = value; }
    }
    public static IXyzUserSession Current
    {
        get { return UserSessionManager.Current; }
    }
}


    public IXyzUserSession Current
    {
        get
        {
            if (HttpContext.Current == null || HttpContext.Current.Session == null || HttpContext.Current.Session[SessionKey] == null)
                return null;
            return (IXyzUserSession)HttpContext.Current.Session[SessionKey];
        }
        protected set
        {
            HttpContext.Current.Session[SessionKey] = value;
        }
    }