I am writing a WCF service that has a SQL Server database and an Android client (built in Xamarin). I am in need of using username/password authentication. I have tried so many ways and am tired of running into walls. My goal is to use the ASP.NET membership provider, but I cannot use that without TransportWithMessageCredential, which Xamarin does not support. I have tried to implement msdn.microsoft.com/en-us/library/ff649647.aspx but I get a generic error when I hit the service in a browser, and honestly I don't even know how to troubleshoot it since I don't have access to the server logs. Not to mention I am a newbie at Android.
After all that rambling, I have a simple question. Would it be insecure to pass the username/password for every service call? The service is SSL required, so the password would be encrypted along with everything else. In other words, in every OperationContract, I could first authenticate the user, then proceed with the function if it is valid. I know it would be slower, but at this point I am willing to give up a little speed.
If it would be secure, I would have to store their username/password somewhere on their phone so I could keep reusing it, right? Is that secure/safe/possible?
Thanks for any help you can offer.