We have a windows forms application that consumes various web services. This includes getting data from a database on our server, requesting payment information and other methods. There are 3 web services total which all need to use some form of authentication so it's not possible for anyone to get data from our servers and request payments and such.
Can someone point me in the right direction for setting up a simple scheme to handle this? What I want to do is setup one web service that does nothing but authentication... so say they request data from our servers, the client application will submit data to authenticate them and if it passes it will allow them to request the data.
What is a good (and free) way of authenticating users? This should happen without the users knowing it... ie: maybe there is a username/password for the web service stored locally which can be authenticated against a username/password on our server. I just dont know how I would do this securely, without much hastle and without any cost. Can someone point me in the right direction for this?