I will be discussing web service authentication in this article, where you can host your web service publically but it can only be accessed by passing pre-assigned username, password and secure parameter.
So speaking simple SOAP web services, following are the steps that will make your publically available web service, a secured web service.
This is an example of default web service code which will let HelloWorld() method to be consumed without any authentication, once this web service is published over the App Server(local IIS or over Internet).
By adding couple of lines of code we can make the existing web service to be secure(i.e.by enforcing username and password via SOAP Header).
So let's pick some username and password for the web service and place it within <appSettings> tag in Web.config file.
<add key="ff_username" value="user1"/>
<add key="ff_password" value="User!123"/>
Now to implement this username and password, we need to modify the current web service code as shown in highlighted boxes below:
Now this web service is secured with customer username and password. After a successful build you can deploy/publish this web service on your IIS(local or Internet).
HOW TO TEST IF THE ABOVE WEBSERVICE IS WORKING WITH USERNAME & PASSWORD AUTHENTICATION
You can create a "Test Project" where you can add the service reference by right clicking on "Web Reference"--> choosing "Add Web Reference" and providing the URL of your currently deployed web service.
Assuming that you have given the web reference name of your web service(under Test Project) as "prod", it should look something as shown below.
Now in the code-behind of your "Default.aspx.cs", create the web service instance and consume the HelloWorld() and display it in Label.Text as shown below:
As stated in commented text, if your web service fails the authentication it will display "Authentication Failed" otherwise it will display "Hello World".