When asp.net application starts, login form appears. When user attempts login his username and password are passed to a method on VFP web service which returns a true\false indicating sucess or failure. If true, username and password are stored to a session variable and used for each trip to web service.

// Try login
bool bRetval = true;
atsws myWS = new atsws();	
		
bRetval = myWS.Login(txtUsername.Value, txtPassword.Value);
if(bRetval == false)
{
  divMsg.InnerText = "Invalid Username or Password.  Try again or contact System Administrator for further assistance.";
}
else
{   
  // Store UserID in session variables
  Session["strUsername"] = txtUsername.Value;
  Session["strPassword"] = txtPassword.Value;
  Response.Redirect("main.aspx");
}

Charlie