Hi,
A Few ways:
1) In IIS restrict the website by IP address allowing only machines
that run your code to access the web service.
2) Disallow anonymous authentication in IIS. Restrict acces to your
ASMX file allow only a specific user to access the ASMX file. In
your consuming application use CredentialsCache to pass NT user
rights to the web service when communicating with the server.
3) User certificates. In IIS, disallow anonymouse users...Issue a
certificate to your client machines you wish to give access to... In
IIS Map the cert to an NT user account that has access to the ASMX
file. In your application consuming the web service use WSE 3.0 to
pass the cert to the web service.
4) Kind of weak, but you can have your web methods take a 'security
token' as a parameter. Make the token a Guid. Share the Guid with
the server and the consuming app. Then the consuming app calls the
web methods, pass the Shared Guid. The web method must compare the
passed Guid to make sure it is the correct value, or throw an error. (many
places use this... ebay... amazon... google).
-DS
