I'm developing a small app, I have an asp.net web application with a WCF data service. On my app, the data service is exposed to Android, and I want to authenticate the users.
The user's credentials will be stored in a database. Is it possible to use membership and role provider to authenticate the users? If not, what is the best authentication method, so that I can give permissions to some operations and deny it for other operations?
The option I've seen used often is to use HTTPS and pass through your user credentials on each call using a RESTful service. Obviously keep your security layer at the server side and return failure codes when the credentials aren't valid.
There are tonnes of examples on the web, including this SO answer.