You should use the <authorization> element to ensure that only authorized users access your Web service. This element allows or denies access to your Web service according to their role.