ASP.NET Web Services are officially considered "legacy technologies"; it's recommended that web services now be implemented with WCF.
Context: When developing web services.
Practice: Use WCF instead of ASP.NET Web Services.
ASP.NET has a feature called membership. Membership allows Internet web applications and sites to utilize application-specific authentication and authorization. With pages, authorization is fairly simple. You simply define the access rules either in the Web Site Administration Tool or directly in the web.config files. Any user that is unknown will be redirected to a login page whenever they try to access a page that requires authorization.
With web services, ASP.NET membership gets more complex. There's nothing stopping you from configuring access rules to deny unauthorized users from accessing a web service URL (either WCF or ASP.NET web service). But those URLs are being accessed programmatically—not with a browser...