You could use encryption which will heavily protect admin credentials during transport from WebService to application memory. In other words: Using encryption of message body (WS-Encryption) in pair with HTTPS is a quite secured in most cases.