For the most part, things that you do to secure a Web site can be used to secure a Web Service. If you need to ENCRYPT the data exchange, you USE Secure Sockets Layer (SSL) or a VIRTUAL Private Network to keep the bits secure. For AUTHENTICATION, use HTTP Basic or Digest authentication with Microsoft® Windows® integration to figure out who the caller is. these items cannot:
Parse a SOAP request for valid VALUES
Authenticate access at the Web Method level (they can authenticate at the Web Service level)
Stop reading a request as soon as it is recognized as invalid.

For the most part, things that you do to secure a Web site can be used to secure a Web Service. If you need to encrypt the data exchange, you use Secure Sockets Layer (SSL) or a Virtual Private Network to keep the bits secure. For authentication, use HTTP Basic or Digest authentication with Microsoft® Windows® integration to figure out who the caller is. these items cannot:
Parse a SOAP request for valid values
Authenticate access at the Web Method level (they can authenticate at the Web Service level)
Stop reading a request as soon as it is recognized as invalid.