While you don't say what "secure" should involve in your case, this is generally the domain of the WS-Security standard (which all major
SOAP stacks support). Read the documentation of whichever stack you're using to learn how to apply it. If you're not using SOAP, tell us how the WS is implemented.