When using NAV web services from external applications, I would recommend the following:
Direct exposure of NAV web services to the external application should be done only if the consumer application is in your local network and if you manage that application
If you want to expose NAV web services to external applications on the Internet, it's better to write a proxy application (middle tier) that permits you to not directly expose NAV to the outside world
With a proxy service (a custom web service between NAV and the client application), you can expose only the desired method with the desired signatures, not the entire NAV entity
For authentication with NAV web services, I recommend to impersonate a dedicated user with the desired permission
Place all your settings (web service URLs) in
app.config
orweb.config