How you will protect / secure a web service?
For the most part, things that you do to secure a Web site can be used to secure a Web Service. If you need to encrypt the data exchange, you use Secure Sockets Layer (SSL) or a Virtual Private Network to keep the bits secure. For authentication, use HTTP Basic or Digest authentication with Microsoft® Windows® integration to figure out who the caller is.
these items cannot:
•Parse a SOAP request for valid values
•Authenticate access at the Web Method level (they can authenticate at the Web Service level)
•Stop reading a request as soon as it is recognized as invalid