>I have a web service that I am going to publish on our local intranet. I want applications that our development department make to be able to consume the service, but I don't want anybody else to. I am planning on making Windows applications that use the service, so I can't really secure by user. I was thinking of having a password be one of the parameters, but there always seems to be a more elegant solution to most of my ideas. Anybody have any input?
We use two approaches. When the client wants to have a Login() method, that methods is called at first, and we store a credentials along the way. Otherwise, we have to pass the username and the password at each method.