P
Peter Judge
Guest
I would reiterate Irfan's point that you should be using a CLIENT-PRINCIPAL in your code, and using that as the source of identity. This will allow you to move the verification of the user's credentials out of the business code into a separate service (even if you are starting with a logical service, as opposed to a separate AppServer).
Continue reading...
Continue reading...