Yesterday I began learning WCF by porting an existing ASP.NET Web Service.
Creating the WCF service was very easy in itself. Approximately an hour after I created my first WCF Service Library project ever, I was already successfully testing my new WCF service in the WCF Test Client.
Now I would like to implement a simple authentication system, but still do not know how. For the sake of simplicity, say my Web Service has three operations: logging in, getting the length of the user’s name, and logging out. How do I complete the TODOs in the following code?
    [ServiceContract]
    public class MyService
    {
        [OperationContract(IsInitiating = true, IsTerminating = false)]
        public bool Login(string userName, string password)
        {
            /* I have already implemented the function that validates
               whether the user name and password are correct. */
            if (ValidateLogin(userName, password))
            {
                /* TODO: Initiate a session */
                return true;
            }
            else
                return false;
        }

        [OperationContract(IsInitiating = false, IsTerminating = false)]
        public int GetUserNameLength()
        {
            /*
               TODO: How to validate whether the user has logged in?
                     How to obtain the name of the user that has logged in?
            */
            int userNameLength = 42;
            return userNameLength;
        }

        [OperationContract(IsInitiating = false, IsTerminating = true)]
        public void Logout()
        {
            /* TODO: How to logout? */
        }
    }
NOTE: I am the enemy number one of gross hacks. Please lead me towards conceptually “clean” solutions, regardless of their complexity.
The approach you’re following may not be correct with WCF. Based on your approach above, the user is already authenticated as it’s able to invoke the Login operation. Typically, a user shouldn’t be allowed to invoke any operation until he/she is authenticated, but in your approach that’s not the case.
Also, the sessions in WCF are client initiated, not server initiated. However, based on your approach they seem to be server initiated.
Here are some resources which shed more light on WCF security:
http://msdn.microsoft.com/en-us/library/ms731925.aspx
Improve WCF security guidance – http://wcfsecurityguide.codeplex.com/
If you want to use a custom UserNamePassword validator, here is the link:
http://msdn.microsoft.com/en-us/library/aa702565.aspx
HTH,
Amit
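
An added example, not part of the answer above: one way to apply the custom UserNamePassword validator it links to, so credentials are checked before any operation is dispatched and the service reads the caller's name from the security context instead of a Login call. `CredentialValidator`, `IMyService`, `SecureHost` and the `validateLogin` delegate (standing in for the question's `ValidateLogin`) are assumed names.

```csharp
using System;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.ServiceModel;
using System.ServiceModel.Security;

// Runs inside the WCF security pipeline, before any operation is dispatched.
public class CredentialValidator : UserNamePasswordValidator
{
    // Stands in for the question's ValidateLogin (assumed signature).
    private readonly Func<string, string, bool> validateLogin;
    public CredentialValidator(Func<string, string, bool> validateLogin) { this.validateLogin = validateLogin; }

    public override void Validate(string userName, string password)
    {
        // Same error for an unknown user and a wrong password, so callers cannot tell them apart.
        if (string.IsNullOrEmpty(userName) || password == null || !validateLogin(userName, password))
            throw new SecurityTokenValidationException("Invalid user name or password.");
    }
}

[ServiceContract]
public interface IMyService
{
    [OperationContract]
    int GetUserNameLength();
}

public class MyService : IMyService
{
    public int GetUserNameLength()
    {
        // Only authenticated callers get here; the name comes from the validated credential.
        return ServiceSecurityContext.Current.PrimaryIdentity.Name.Length;
    }
}

public static class SecureHost
{
    public static ServiceHost Create(Uri baseAddress, Func<string, string, bool> validateLogin)
    {
        // Password travels in the message over TLS, so baseAddress must be https://.
        var binding = new WSHttpBinding(SecurityMode.TransportWithMessageCredential);
        binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
        var host = new ServiceHost(typeof(MyService), baseAddress);
        host.AddServiceEndpoint(typeof(IMyService), binding, "");
        var auth = host.Credentials.UserNameAuthentication;
        auth.UserNamePasswordValidationMode = UserNamePasswordValidationMode.Custom;
        auth.CustomUserNamePasswordValidator = new CredentialValidator(validateLogin);
        return host;
    }
}
```

The client sets `ClientCredentials.UserName.UserName` and `ClientCredentials.UserName.Password` on its proxy before the first call; the TLS certificate binding for the HTTPS address is configured outside this code.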