I recently put up a few web services for a client of mine, which returned some sensitive data. I needed to find a simple way to authenticate the users of these web services. This is the approach I took.
I've started using web services fairly often in the applications that I've been developing, in most cases the information they pass is suitable for the public domain. However a recent project forced me to look into different authentication methods.
My requirements were that, it had to be simple for the client applications to authenticate, also that the web based administration system had to be used. This prevented me from using the Windows authentication (which is fairly easy to use for the clients of this web service.) By using SOAP headers to pass username and password information, it greatly simplifies any authentication request.
Using the code
I wanted to make it really easy for the client to understand:
See full detail: http://www.codeproject.com/KB/cpp/authforwebservices.aspx