I'm working on an ASP.Net AJAX site (using a silverlight front end) and, of course, all of the data and membership elements must be accessed from a web service. I have no problem with this and everything is up and working. The problem is that anyone with a brain and a knowledge of a utilty like "Live HTTP Headers" in firefox can see where my web services are and get the service method definitions, etc, etc.
My query is this: Are there any standing practices for securing web services from the public (so that only I my app can utilize the services), and what are the best methods.
Any tutorials or documentation on how to implement this would be great.
Thanks,
Joshua Foulk