In all Web Services I do, it is always a wrapper. So, that means, I don't have any business nor data objects in it. However, for a particular case, I don't know what would be the best approach to take.

The client is using VB.NET to connect to our Web Service. Before sending a specific XML parameter, they are encrypting it with a VB.NET encryption class. They key used to encrypt is based on a login DBF table we have on the server where the client knows its key. So, on the server, we can then decrypt using the login record of the user and we should then be able to access the required data.

But, the problem is the following. The Web Service is forwarding the request to a VFP application which handles all the data tier. But, once we are in VFP, we don't have access to the VB.NET encryption class. We can only decrypt at that level. If we do it at the Web Service level, that would mean we'll have to access the VFP table from there.

Would it be possible from VFP to access the VB.NET encryption class? Or, for that one, should I be better to break our rule and deploy a data encrypt class at the Web Service level to query the login table to get the decrypt key?