I am planning to write a .NET web application using SOA, which means data operations are made using web methods. There will be many, many methods, so I have the following questions:

  1. How should I handle security?
  2. Should I split them into more services?
  3. Call them using reflection?

Any tips will help because I am new to SOA.

+2  A: 

I would suggest you use WCF instead of .Net web-services. WCF gives you a lot of flexibility regarding security and many more aspects. Especially: SOA does not equal web-services. With WCF you can configure the channel your data is sent over (i.e. HTTP, TCP, MSMQ, etc.).

Regarding reflection, I see no reason to use it. Reflection is slow, hard to debug and not really related to SOA at all. Debugging SOAs is challenging enough, so use reflection sparingly.

Manu
A: 

As you can imagine, that's not a simple subject. So I would partition it this way: minimally, your question comprises two aspects of security:

  • Authentication: knowing who your calling party is
  • Authorization: knowing what that calling party is allowed to do

You have different options for both. For example, you can handle authentication through multiple standards like WS-{Security|Trust|etc.} and, at the other end, authorization through AzMan roles (which, BTW, doesn't scale very well).

With respect to technology, I agree with the other posts: you should opt for WCF. That allows you to leverage those standards and presents you with more options for the different aspects of security, including auditing.

Ariel
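
Added example (not part of either answer and not code from the posters): a self-hosted WCF service that separates the two concerns named above, with WS-Security message authentication on the binding, per-operation authorization by Windows group, and security auditing to the event log. The contract `IOrderService`, the in-memory store, the address `http://localhost:8080/orders` and the choice of Windows groups in place of AzMan are assumptions made for illustration.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Permissions;
using System.ServiceModel;
using System.ServiceModel.Description;

[ServiceContract]
public interface IOrderService            // hypothetical contract
{
    [OperationContract] string GetOrder(int id);
    [OperationContract] bool DeleteOrder(int id);
}

public class OrderService : IOrderService
{
    static readonly ConcurrentDictionary<int, string> Orders = new ConcurrentDictionary<int, string>();
    static OrderService() { Orders[1] = "constructed sample order"; }
    // Authorization: the demand is checked before the method body runs.
    [PrincipalPermission(SecurityAction.Demand, Role = @"BUILTIN\Users")]
    public string GetOrder(int id)
    {
        // Authentication: the identity WCF established from the message credential.
        string caller = ServiceSecurityContext.Current.PrimaryIdentity.Name;
        string order;
        return Orders.TryGetValue(id, out order) ? order + " (read by " + caller + ")" : null;
    }
    // Destructive operation restricted to a narrower group (least privilege).
    [PrincipalPermission(SecurityAction.Demand, Role = @"BUILTIN\Administrators")]
    public bool DeleteOrder(int id) { string removed; return Orders.TryRemove(id, out removed); }
}

public static class Program
{
    public static void Main()
    {
        // WS-Security at message level with Windows client credentials.
        var binding = new WSHttpBinding(SecurityMode.Message);
        binding.Security.Message.ClientCredentialType = MessageCredentialType.Windows;
        using (var host = new ServiceHost(typeof(OrderService), new Uri("http://localhost:8080/orders")))
        {
            host.AddServiceEndpoint(typeof(IOrderService), binding, "");
            host.Authorization.PrincipalPermissionMode = PrincipalPermissionMode.UseWindowsGroups;
            host.Description.Behaviors.Remove<ServiceSecurityAuditBehavior>();
            host.Description.Behaviors.Add(new ServiceSecurityAuditBehavior {   // auditing
                AuditLogLocation = AuditLogLocation.Application,
                MessageAuthenticationAuditLevel = AuditLevel.SuccessOrFailure,
                ServiceAuthorizationAuditLevel = AuditLevel.SuccessOrFailure });
            host.Open(); Console.ReadLine();   // Enter closes the host
        }
    }
}
```

A caller that authenticates but is not in the demanded group receives an access-denied fault, and the failed authorization is written to the Application event log.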