I have a web site and web service on the same server. The users log into the web site, which calls the web service to perform processing. The web service must ensure that only authenticated users access it. I thought that the easiest way to do this would be to share forms authentication between the two applications, since the user is already logged into the web site, but it does not work. The web service never sees the authenticated user. I tested creating another web site and sharing forms authentication between the two web sites and it worked fine, so I know the problem is specific to the web service.
Is it possible to share forms authentication between a web site and web service?
If not, what would be the best way of accomplishing the same end result, keeping in mind that I only have access to the user's password when they log into the web site.
