1- You may use
CookieContainer to pass
Credentials inside. Authenticate user at web-service. If user authenticated then collect information from CookieContainer and return result-set
Note: Enable Session on your WebMethods. For Help: may review this
link[
^]
2- Do not use
direct (inline) quries to database as they are very risky and can't handle if user pass special chracters inside parameters. Either use
stored procedures, if not than Use
Parametrized quries to save yourself of issues and injections.