>>>I have a web service that I am going to publish on our local intranet. I want applications that our development department make to be able to consume the service, but I don't want anybody else to. I am planning on making Windows applications that use the service, so I can't really secure by user. I was thinking of having a password be one of the parameters, but there always seems to be a more elegant solution to most of my ideas. Anybody have any input?
>>
>>I created a value based on a userid and date. The web service looked the userid up and applied the same calculation. If it got a match it processed the message otherwise it returned a you are not authorised message.
>
>Interesting. So the userid was static?

Sort of. The users of the web service where using a package that came pre loaded with their userid.
So the web service end could lookup userids in the user table.
The web service wasn't designed to be accessible to the general public. This was the easiest way I could see to exclude the casual hacker.