When using C# and TCP, what is the best approach to let a client identify himself using a username and password and then allow multiple packets to be sent from the server to the client and from the client to the server without sending the username & password each time? Thread for each user? Token that's sent with each packet?
Also, how to make sure that only the client is able to read the data that the server is sending & vice versa? Just using SslStream?
You are too low-level. What you need is an application protocol on top of TCP that supports authentication. One of the options may be HTTP. When working with .NET, the commonly used approach is leveraging WCF (Windows Communication Foundation). You can build a WCF service that will require authentication, such as “username and password” as you mention, while still being flexible about what underlying means of communication are used (e.g. SOAP and HTTP, or plain TCP and WCF's custom binary protocol, etc.).
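
A sketch of the WCF approach this answer describes, as an added example that is not part of the original answer: a self-hosted `net.tcp` service whose binding uses TLS on the transport and a user name/password message credential, with a duplex contract so the server can push to the client. The contract names (`IChat`, `IPush`), the address and port, the certificate subject and the demo account are assumptions made for illustration.

```csharp
// Added example; contract names, address, certificate subject and demo account are assumptions.
using System;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Security;

[ServiceContract(SessionMode = SessionMode.Required, CallbackContract = typeof(IPush))]
public interface IChat { [OperationContract(IsOneWay = true)] void Send(string text); }
public interface IPush { [OperationContract(IsOneWay = true)] void Receive(string text); }

public class Chat : IChat {
    public void Send(string text) {
        // The caller's identity comes from the authenticated channel, not from the message body.
        string user = ServiceSecurityContext.Current.PrimaryIdentity.Name;
        OperationContext.Current.GetCallbackChannel<IPush>().Receive(user + ": " + text);
    }
}

public class AccountValidator : UserNamePasswordValidator {
    // Constructed demo account; a real service looks up a per-user salt and hash in its store.
    static readonly byte[] Salt = { 1, 2, 3, 4, 5, 6, 7, 8 };
    static readonly byte[] Stored = Derive("constructed-demo-password");
    static byte[] Derive(string pw) { using (var kdf = new Rfc2898DeriveBytes(pw, Salt, 100000)) return kdf.GetBytes(32); }
    public override void Validate(string userName, string password) {
        byte[] got = Derive(password ?? "");
        int diff = userName == "alice" ? 0 : 1;
        for (int i = 0; i < Stored.Length; i++) diff |= got[i] ^ Stored[i];  // compare without early exit
        if (diff != 0) throw new SecurityTokenException("Unknown user name or wrong password");
    }
}

public static class Program {
    public static NetTcpBinding SecureBinding() {
        // TLS on the TCP transport; user name and password carried as a message credential.
        var b = new NetTcpBinding(SecurityMode.TransportWithMessageCredential);
        b.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
        return b;
    }
    public static void Main() {
        var host = new ServiceHost(typeof(Chat));
        host.AddServiceEndpoint(typeof(IChat), SecureBinding(), "net.tcp://localhost:9000/chat");
        host.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindBySubjectName, "localhost");
        host.Credentials.UserNameAuthentication.UserNamePasswordValidationMode = UserNamePasswordValidationMode.Custom;
        host.Credentials.UserNameAuthentication.CustomUserNamePasswordValidator = new AccountValidator();
        host.Open();
        Console.ReadLine();   // serve until Enter is pressed
        host.Close();
    }
}
```

A client builds a `DuplexChannelFactory<IChat>` with the same binding and sets `factory.Credentials.UserName.UserName` and `.Password` once on the factory; the `Send` calls themselves carry no credential parameters.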