Reputation: 6298
I have built a simple web service in VB using Visual Studio 2010. Now I want to secure this web service with a user name and password. If the username and password match, the user can use/view the contents. My web service is as follows:

    Imports System.Web
    Imports System.Web.Services
    Imports System.Web.Services.Protocols
    Imports System.Web.Script.Services

    ' To allow this Web Service to be called from script, using ASP.NET AJAX, uncomment the following line.
    <System.Web.Script.Services.ScriptService()> _
    <WebService(Namespace:="http://tempuri.org/")> _
    <WebServiceBinding(ConformsTo:=WsiProfiles.BasicProfile1_1)> _
    <Global.Microsoft.VisualBasic.CompilerServices.DesignerGenerated()> _
    Public Class Convert
        Inherits System.Web.Services.WebService

        <WebMethod()> _
        Public Function HelloWorld() As String
            Return "Hello World"
        End Function

        <System.Web.Services.WebMethod()> _
        <ScriptMethod(ResponseFormat:=ResponseFormat.Json)> _
        Public Function FahrenheitToCelsius(ByVal Fahrenheit As Double) _
            As Double
            Return ((Fahrenheit - 32) * 5) / 9
        End Function

        <System.Web.Services.WebMethod()> _
        <ScriptMethod(ResponseFormat:=ResponseFormat.Json)> _
        Public Function CelsiusToFahrenheit(ByVal Celsius As Double) _
            As Double
            Return ((Celsius * 9) / 5) + 32
        End Function
    End Class

I am using JavaScript with Dojo to call it. Can somebody guide me on how to secure it?
Upvotes: 0
Views: 812
Reputation: 56
This demonstrates a reasonable-sounding approach: http://www.thebuzzmedia.com/designing-a-secure-rest-api-without-oauth-authentication/
In short, you send a username, hashed password, client timestamp and function arguments, along with a hash of all those plus request URL and a private key. The server recreates the hash to verify nothing has been altered, checks the timestamp is within acceptable bounds, and executes the function.
Upvotes: 1
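
The signing scheme this answer describes, sketched with both sides as an added example (not code from the post or the linked article). HMAC-SHA256 stands in for the "hash with a private key"; the key table, the five-minute window, the function names and all sample values are constructed assumptions.

```javascript
const crypto = require('crypto');

// Constructed values for illustration (assumptions, not from the page).
const MAX_SKEW_MS = 5 * 60 * 1000;                        // accepted clock drift
const KEYS = new Map([['alice', 'constructed-demo-key']]); // per-user shared keys

// Canonical form: every field the signature must protect, in a fixed order.
// JSON encoding keeps field boundaries unambiguous; args are sorted by name.
function canonical(req) {
  const args = Object.entries(req.args || {})
    .sort(([a], [b]) => (a < b ? -1 : a > b ? 1 : 0));
  return JSON.stringify(
    [req.url, req.username, req.passwordHash, req.timestamp, args]);
}

function keyedHash(key, text) {
  return crypto.createHmac('sha256', key).update(text).digest('hex');
}

// Client side: stamp the call with the current time and sign all fields.
function signRequest(url, username, passwordHash, args, key, now) {
  const req = { url, username, passwordHash, args, timestamp: now };
  req.signature = keyedHash(key, canonical(req));
  return req;
}

// Server side: recreate the hash, compare in constant time, check freshness.
function verifyRequest(req, now) {
  const key = KEYS.get(req.username);
  if (key === undefined) return 'unknown user';
  const expected = Buffer.from(keyedHash(key, canonical(req)), 'hex');
  const given = Buffer.from(String(req.signature), 'hex');
  if (given.length !== expected.length ||
      !crypto.timingSafeEqual(given, expected)) return 'bad signature';
  // Written as a negated <= so a non-numeric timestamp (NaN) is rejected.
  if (!(Math.abs(now - req.timestamp) <= MAX_SKEW_MS)) return 'stale timestamp';
  return 'ok';
}
```

Signing covers integrity and freshness only; the exchange still belongs on TLS, and a key shipped inside browser JavaScript is readable by whoever loads the page.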