How to implement security in webservices

I have created an webservice its working fine, but now i need to implemet security so that only my clients can access this service

the webservice is hosted in india, the client is in UK and spain, they are trying to access the webservice url.

1:now i need make sure the webservice is available only for these two clients any one who access this url should not been given accees?

2:i need to set username and password different for these 2 clients so that when uk client tries to create an proxy class he should also enter username and passowed to access it.

hope my Question i开发者_开发技巧s clear, what my webserice should be used by my client not others

You should be using SSL to encrypt the site the services are running on. Then implement a custom SoapHeader.

public class SoapAuthenticationHeader : SoapHeader
{
    public string UserName { get; set; }
    public string Password { get; set; }
}

You can also include an API key or some other method of authentication.

public SoapAuthenticationHeader AuthHeader;

[SoapHeader("AuthHeader")]
[WebMethod()]
public ServiceResponse<bool> Update(int clientId)

For further reference, http://msdn.microsoft.com/en-us/library/77hkfhh8.aspx

Have a look at the WCF authentication and authorization capabilities outlined here.