My Code:

 function HandleSignUp() {
    var CurrentURL = document.URL;
    var obj, val;
    //ajax call started
    $.ajax({
        type: "POST",
        url: "../../webservice/GetAjaxDataWebService.asmx/RegisterNewUser",
        data: "{'UserFullName': '" + $('#SignUpName').val() + "','Email': '" + $('#SignUpEmail').val() + "','Password': '" + $('#SignUpPassword').val() + "'}",
        contentType: "application/json; charset=utf-8",
        dataType: "json",
        success: function (msg) {
            //msg.d contains the return value from web service call
            $.colorbox.close();

            val = eval(msg);
            obj = jQuery.parseJSON(val.d);

            UpdateLogin(obj.Email, obj.FirstName);

        }
    });
    //ajax call ended
}

How do I make sure the data sent to WebService using jQuery AJAX is through my site and not some attack.

I have a similar ajax call for Login, where I pass userid and password to a webservice and authenticate.

Is there a way to have a one time request-response token to make sure its a valid web service call.

Let me know if my question is not clear.

You could implement a lightweight MAC-ing mechanism using a Hash Key (known only to you)

1. Before each call to the webservice feed the first n bytes of your message payload to the hash key and compute a hash value.
2. Make the call to your webservice, sending the hash value in an http header (I recommend the authorization header, you can create a custom header tho.
3. In your webservice, before honouring any service request, you verify the authenticity of the message by computing the hashvalue using the same data i.e. the first N bytes and compare with the hash value in the authorization header. Honour the request only if the value checks out.

There is a little processing overhead here and it assumes that the transmission is happening over a secure line, otherwise, the message could still be hijacked. But you solve the problem of bogus calls.

Sessions might be the easiest solution to this problem, depending on your server framework.

After a successful login, open a session on the server and set a value; check for the session value before processing any of your other web service APIs.