>I have a web service that I am going to publish on our local intranet. I want applications that our development department make to be able to consume the service, but I don't want anybody else to. I am planning on making Windows applications that use the service, so I can't really secure by user. I was thinking of having a password be one of the parameters, but there always seems to be a more elegant solution to most of my ideas. Anybody have any input?

I created a value based on a userid and date. The web service looked the userid up and applied the same calculation. If it got a match it processed the message otherwise it returned a you are not authorised message.