My company is exploring the possibility of implementing Web Services for some of our internal data applications. However, we're concerned about security. All of the services need to only allow authenticated users (based on an authentication database we maintain).

The authentication process is not the problem - we already use a custom-built web portal that handles this flawlessly. Our challenge is to implement the same security policies to Web Services.

Has anyone successfully accomplished this before? Can anyone recommend any resources (printed or online) that will help suggest possible security solutions?

Thanks in advance! <img src=/S/thankyou.gif border=0 alt=thankyou width=40 height=15>