In any client-server application, the authentication and authorization mechanisms you implement on the server to verify the identity of the client application are crucial to security. Authentication is the process of identifying the client that makes the request. Once the client is identified, authorization is the process of determining what that client is allowed to do. Authorization is controlled by mechanisms such as NTFS file permissions and SQL Server permissions.
In most cases, the server is an IIS server, so you use the authentication mechanisms built into IIS. The following connectivity solutions all work through IIS:
Connecting to an XML Web service on a Windows server
Using SQL Server CE Remote ...