Could someone please explain, when and how should it be used protection for the we service's client

I do protect web service against unauthorized requests and I use a custom username token manager (which is one of many ways to go). Which makes perfect sense.

Thinking of a web service's client protection I'm really getting puzzled... I was looking at SetServiceCredential, but apparently it always gets set just before calling the web service, which doesn't make much sense for me.

I'm using WSE 3.0, ASP2.0, C# 2.0

thanks