This is one of the most confusing ASP.NET interview question and very less developers are aware of the answer.

Webservice runs in the context of IIS and ASP.NET runtime. So you can apply all the security methodologies which you do for ASP.NET i.e. windows , passport and forms.

My 50 .NET Interview questions

I need to build a simple webservice to get data in and out of a HR System over the Internet. I am using IIS and ASP.Net with .Net 2.0.

 

SoapHeaders over SSL:

Post the UID/PWD in a Soap header and implement a SOAP extension. Pretty straightforward to implement and should be quite secure over SSL. This is by far my preferred option due to the relative simplicity. Also, for historical reasons, I will need to consume the webservice from VBScript of all things, so the ability to just deal with simple SOAP is a bonus.

Using WCF with TransportWithMessageCredential: