Securing a Web service is possible using WSE (Web Services Enhancements) for .NET. We can define the security requirements for both incoming and outgoing SOAP Messages this we can call it is a policy.
We can define the policy in two ways
1. Using WSE Settings 3.0 Tool
2. Adding the policy element to the XML file
Alternatively we can define the policy file either in development or deployment environment. It is more easy for an administrator to define a policy for an application when it is deployed using policy file.