I am a newbie to WCF and Xamarin, so please excuse me if these are ignorant questions. I have a WCF web service that communicates to a SQL Server database. I have an Android app built in Xamarin. It is running on IIS with a valid SSL installed (SSL is required). I am trying to find a way to authenticate the web service. Here are my questions. Any help you can give me is greatly appreciated:
Question 1: I have a user/password table that I can verify against with a query, but is this secure? Would I have to have this verification in every OperationContract? could I use Forms Authentication in the web service? I am using & . I know Xamarin doesn't work well with Message & Credentials, so I'm trying to do it another way. I tried using , but I could not get that to work.
Question 2: Is all data from the Android device to the web service encrypted since the server has the SSL installed? Even if it is over 3G? So would the user/password be encrypted when sending it to the web service?