Storing encryption/decryption keys in .NET

What are the best practices, for doing this in .NET? My problem is, I want to interact with a webservice, I have created. To make sure no "creative" user, can abuse the service, I want to encrypt the argument (the output is sensitive).

I thought I was being clever, by using webservices, instead of having my application go directly into our DB, but I am apparently not clever enough, to know what to do with the key.

So, how do I store the key, I encrypt the argument with, in my locally installed application开发者_运维技巧? I would, of course, like to prevent "creative" users, from being able to retrieve it.

I suppose I could feed the key, from a webservice instead, but I don't really see any benefits to this. People can still just invoke the service, and get the key.

TL;DR Generally speaking, how do I handle encryption/decryption keys in .NET, when everyone can decompile the code, and get the key (if it is stored in the code)?

A simple way is to store the key in configuration, then encrypt the configuration file (either web.config or app.config) - details are here.

Another approach is to secure the link to the Web service using a certificate, and embed the certificate into the application as a resource. This would then stop very creative users from using e.g. Wireshark to read the traffic going to and from the service. Details on that are here.