Ok, I couldn’t stand it any more.  Why does every article I read on this subject lately advocate using custom SOAP headers to transmit user credentials for web services?  I just don’t get it.  I started writing a whole rant on it, but it got a bit long; so see my story here.

Comments?