Deciding which security implementation is best for an XML Web service
begins with looking at two key security principles: authentication and
authorization. Authentication is the process of validating an identity
based on credentials, such as a user name and password, against an
authority. Once an identity has been authenticated, authorization
determines whether the identity is authorized to access a resource.
From this knowledge base, you will know how to secure Web Services with Windows Authentication, please follow the steps below
1. To enable XML Web service for Windows authentication
-- Enable password protect for web service folder from hosting control panel-->IIS Manager-->Password protection, please click here
2. To pass client credentials to an XML Web service using Windows authentication
2.1. Create a new instance of the proxy class to the XML Web service.
2.2. Create a new instance of the NetworkCredential class, setting the UserName, Password and Domain properties.
2.3. Create a new instance of CredentialCache.
2.4. Add the NetworkCredential to the CredentialCache using the Add method of CredentialCache.
2.5. Assign the instance of CredentialCache to the Credentials property of the proxy class.
The following code example sets the client credentials passed to an XML Web service method using Windows authentication.
Public Class Calculator
Public Shared Sub Main()
' Create a new instance of the proxy class to an
' XML Web service method.
Dim mathproxy As MyMath.Math = New MyMath.Math()
' Create a new instance of CredentialCache.
Dim mycredentialCache As CredentialCache = New CredentialCache()
' Create a new instance of NetworkCredential using the client
Dim credentials As NetworkCredential = New _
' Add the NetworkCredential to the CredentialCache.
mycredentialCache.Add(New Uri(mathproxy.Url), "Basic", _
' Add the CredentialCache to the proxy class credentials.
mathproxy.Credentials = mycredentialCache
' Call the method on the proxy class.
Dim result As Integer
result = mathproxy.Add(3,5)
public class Calculator
public static void Main()
// Create a new instance of the proxy class to an XML
// Web service method.
MyMath.Math math = new MyMath.Math();
// Create a new instance of CredentialCache.
CredentialCache credentialCache = new CredentialCache();
// Create a new instance of NetworkCredential using the client
NetworkCredential credentials = new
// Add the NetworkCredential to the CredentialCache.
// Add the CredentialCache to the proxy class credentials.
math.Credentials = credentialCache;
// Call the method on the proxy class.
int result = math.Add(3,5);
For more details on how to secure Web Services, please click here