You are an enterprise application developer. You are developing several Web services that are accessed by smart client applications. The Web services might be installed on different Web servers. The smart client applications must authenticate users by using credentials issued by a single sign-on service. The single sign-on service was developed by a different group in your organization.
The security policy of the application includes the following requirements:

* User identity must be transmitted across application boundaries.
* User identity must be logged for auditing purposes.

You need to choose a strategy to propagate user information securely across the application boundaries.
What should you choose?

A.
Use remote method calls to pass user information between applications that use function parameters.

B.
Install business components in Enterprise Services and use Kerberos tickets to authenticate users.

C.
Use SOAP headers to pass user identity across application assemblies and log authentication information at each boundary.

D.
Use NTLM tokens to authenticate users and trusted Microsoft Windows domains.