My goal (if it's possible) is to have a (1) password-protected web application, with (2) secured web services, that is (3) accessible to users outside of my organization. I am able to achieve #1 and #3 together without any problems, but I cannot find a way achieve all three without my users having to, first, log into the site, and then provide the same credentials for every secured service that loads at start-up. My services need to be exposed to the internet so my external users can view them, but I would like them to be secured so they are not viewable to the public.