That certainly would keep thing simpler.

What happens of a connection to the DB cannot be established? What gets returned to the client?







>Yes, we basically do something similar, although we don't pass a user object to the WS methods (you want to avoid passing complex objects to WS methods). Each user in a user table in the database as a GUID and that is what we use to pass to the WS methods ... it's up to the backend to then validate whether that user can access the database or not, based on the caller of the WS method passing a valid GUID.
>
>~~Bonnie
>
>
>
>
>>I think I asked you this in an earlier thread. I'm thinking about security again, and it seems to me that the
>>best idea is to validate user access at the database level via username and password.
>>
>>What if I created a user class which stores user info (name, username, password, access info) upon login and
>>is returned serialized to the client?
>>
>>The user object could be then passed around at the client level and also to each method on the WS,
>>which could use the information stored on it to validate the user on each subsequent call.