N OT E If you are building Active Directory applications using Web services, be ultra-careful about what functionality you provide to those who are accessing your XML Web service. What Types of Businesses Should Use Web Services? The following types of businesses should consider Web services: nn New businesses seeking to provide functionality to other developers using the Internet. nn Any business that already has an Internet presence. These businesses can leverage the advantages of SOAP-based Web methods in their applications. nn Any business that is currently using Winsock or RCP as a method of remote communication. nn Companies that have diversified software project initiatives by IDE, operating system, or both. By default, Web services are as secure as internal remoting objects because they can be exposed only to members of the domain you choose. Authentication methods include Basic, Windows, Digest, Forms, and Passport. You control who has access to your Web methods programmatically. XML Web Services Security in .NET When considering .NET for Web services and SOAP, the first thing most people think about is security. Many people believe there isnt any security wrapped  around  Web  services.  True,  security  isnt  readily  visible  to  the user  and  is  usually  configured  internally  to  the  server,  but  that  doesnt mean Web services arent secure! Another concern is that Web services are publicly exposed. This leads people to believe that anyone can simply reference a Web service and begin using its public methods. This, too, is an unfounded concern. In fact, we can even use Windows authentication to restrict the users of our Web ser- vice  to  only  those  people  who  have  valid  user  accounts  on  the  same domain as the server. At first, it is easy to conceive of .NET Web services as functions on the Web that anyone can use at any time. The truth is that anyone with infor- mation pertaining to the location of the .asmx Web service file can reference What Are Web Services? 15