One way to secure a web service is with username and password. The problem with this approach is you have to add custom validation code to each web method. Is there a better way? Yes. With a custom SoapExtension you can simply attribute your web method and have it authenticated so you don't have to add custom code to each method. This article outlines this in detail.