Ajax - How to limit consuming of cross domain web service to certain requests

If i have a web service in .NET like WCF or ASMX, when publish this service on the server you will not be able to access it from any where else than the application that host it, unless you change the security settings to allow cross domain access .

Now any application can consume this web service if the address is known, Right ? for example you can invoke this server web service in your local browser and see what it does...

  Question is   

How can i secure this web service ... and limit consuming to certain defined application or requests that have been predefined to the web service ?

https://developer.mozilla.org/en-US/docs/HTTP/Access_control_CORS https://developer.mozilla.org/en-US/docs/HTTP/Access_control_CORS

Note, however that relaxing access to your system via CORS is - security-wise - very different from restricting access using some form of authentication. You re relying on clients to be well behaved when declaring their origin, but that s not always a valid assumption.