You've just about answered your own question here...
You already have user authentication happening, so simply update your database so that you have a table similar to this:
UserID, WebMethodID
Populate this table with relevant details for each client and their approved webmethods, one entry per client/webmethod pair.
Update your webmethods so that they only work if the client/webmethod pair is authorised... something like this:
if isAuthorised(ClientID, WebmethodID) then
endif
private function isAuthorised(byval ClientID as integer, byval WebmethodID as integer) as boolean
if FOUND_IN_DATABASE then
isAuthorised = true
else
isAuthorised = false
endif
end function