Folks, in SVC or ASMX services I usually have a method like Authenticate(...) which takes credentials and returns some sort of token which is used for subsequent calls from the same client. The token can be passed out-of-band in a "header" so the client doesn't have to be bothered by it.
I'd like to sue the same pattern in my Web API, but I'm not sure how to implement the equivalent of passing the token in some sort of "header". Has anyone written this sort of plumbing or know if there some built-in techniques I'm not aware of? I know that the Rackspace REST API does exactly what I want, as you get a Guid token which is valid for 24 hours. The tedious work of adding that token to the outgoing http headers is handled deep down in some utility classes in their SDK. Greg K
