C# web service and Android app: how to prevent illegal

Posted 2019-06-10 05:01

Question:

I'm using (with satisfaction) some web services from an Android application.

I use https (I bought an SSL certificate).

I want to prevent unwanted accesses from others that know the urls of my web services.

I use a "secret key" that the app must provide to the web service method, but it's stored in a constant variable inside the code and I know this is not the best solution to ensure security.

Android web service call (using ksoap):

try {
    SoapObject request = new SoapObject(configuration.getNamespace(), methodName);
    // SECURITY_KEY is a compile-time constant, so it is present in the APK
    request.addProperty("securityKey", SECURITY_KEY);
    // envelope construction and the HttpTransportSE.call(...) follow here
} catch (Exception e) {
    Log.e(TAG, "web service call failed", e);
}

C# web service

[WebMethod]
public string UserRegistraion(string securityKey, string data)
{
    // Shared-secret check: the same key is expected from every installed
    // copy of the app, so it rejects only callers who have not obtained it
    if (securityKey != Environment.SecurityKey)
    {
        return "WRONG_KEY";
    }
    // ... registration logic for 'data' follows here
    return "OK";
}

What's the best way to achieve the definitive solution?

EDIT:

As someone suggested, I asked the same question also on security.stackexchange.com

https://security.stackexchange.com/questions/30850/web-services-how-prevent-illegal-accesses

Answer 1:

You simply can't do this. You should obfuscate your code. This is an old battle of software developers vs. crackers.

You can't block someone from using or analyzing code that resides on the client side, but you can make it difficult to the point where almost everyone will give up, because it is too hard to exploit your code.
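A worked example, added here and not part of the question or the answer, of what the server can do so that the check no longer depends on one app-wide constant: the registration endpoint hands each install its own random secret, and every later call carries an HMAC over the method name, a timestamp, a nonce and the body, which the service verifies with a constant-time comparison. The class and parameter names (DeviceRegistry, RequestSigner, deviceId, nonce, and so on) are assumptions of this example, not names from the asker's service.

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;
using System.Text;

// Illustrative example; the names below are assumptions, not the asker's code.
public static class RequestSigner
{
    // Both sides build the same canonical string, so any field an attacker
    // alters in transit (method, body, timestamp, nonce) changes the MAC.
    public static string Canonical(string deviceId, string method, long unixTime,
                                   string nonce, string body)
    {
        return string.Join("\n", deviceId, method, unixTime.ToString(), nonce, body);
    }

    public static byte[] Sign(byte[] deviceSecret, string canonical)
    {
        using (var mac = new HMACSHA256(deviceSecret))
        {
            return mac.ComputeHash(Encoding.UTF8.GetBytes(canonical));
        }
    }

    // Compare every byte regardless of where the first mismatch is, so the
    // response time does not reveal how much of the MAC was correct.
    public static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a == null || b == null || a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}

public class DeviceRegistry
{
    public const int MaxClockSkewSeconds = 300;
    readonly ConcurrentDictionary<string, byte[]> secrets = new ConcurrentDictionary<string, byte[]>();
    // Nonces seen within the skew window; a real service would prune old entries.
    readonly ConcurrentDictionary<string, long> seenNonces = new ConcurrentDictionary<string, long>();

    // Called once by the registration endpoint. The secret travels to the app
    // over the existing HTTPS channel and is kept in app-private storage; it is
    // unique to this install, so a leak exposes one device rather than all of them.
    public string Register(out byte[] deviceSecret)
    {
        deviceSecret = new byte[32];
        using (var rng = new RNGCryptoServiceProvider()) rng.GetBytes(deviceSecret);
        string deviceId = Guid.NewGuid().ToString("N");
        secrets[deviceId] = deviceSecret;
        return deviceId;
    }

    // A device whose secret has been extracted can be cut off individually.
    public bool Revoke(string deviceId)
    {
        byte[] ignored;
        return secrets.TryRemove(deviceId, out ignored);
    }

    // This replaces the 'securityKey != Environment.SecurityKey' test in the WebMethod.
    public bool Verify(string deviceId, string method, long unixTime, string nonce,
                       string body, string signatureBase64, long serverNow)
    {
        byte[] secret;
        if (!secrets.TryGetValue(deviceId, out secret)) return false;          // unknown or revoked device
        if (Math.Abs(serverNow - unixTime) > MaxClockSkewSeconds) return false; // stale or future-dated
        if (!seenNonces.TryAdd(nonce, unixTime)) return false;                  // replay of a captured request
        byte[] given;
        try { given = Convert.FromBase64String(signatureBase64); }
        catch (FormatException) { return false; }
        byte[] expected = RequestSigner.Sign(secret,
            RequestSigner.Canonical(deviceId, method, unixTime, nonce, body));
        return RequestSigner.FixedTimeEquals(expected, given);
    }
}

public static class Demo
{
    public static void Main()
    {
        var registry = new DeviceRegistry();
        byte[] secret;
        string deviceId = registry.Register(out secret);
        long now = DateTimeOffset.UtcNow.ToUnixTimeSeconds();

        // Client side: these values would be sent as SOAP properties instead of securityKey.
        string body = "{\"user\":\"alice\"}";               // constructed sample payload
        string nonce = Guid.NewGuid().ToString("N");
        string sig = Convert.ToBase64String(RequestSigner.Sign(secret,
            RequestSigner.Canonical(deviceId, "UserRegistraion", now, nonce, body)));

        Console.WriteLine(registry.Verify(deviceId, "UserRegistraion", now, nonce, body, sig, now));
        // second use of the same nonce
        Console.WriteLine(registry.Verify(deviceId, "UserRegistraion", now, nonce, body, sig, now));
        // same signature, altered body
        Console.WriteLine(registry.Verify(deviceId, "UserRegistraion", now, Guid.NewGuid().ToString("N"),
                                          "{\"user\":\"mallory\"}", sig, now));
        // request presented an hour later
        Console.WriteLine(registry.Verify(deviceId, "UserRegistraion", now, Guid.NewGuid().ToString("N"),
                                          body, sig, now + 3600));
    }
}
```

This does not contradict the answer: someone with a rooted phone can still pull their own install's secret out of app storage, so the client remains untrusted. What changes is the blast radius. A recovered secret identifies one device, which can be revoked without touching anyone else; a request captured on the wire cannot be replayed or edited; and a decompiled APK no longer contains anything that authenticates every user at once. The HMAC and nonce handling must live on the server, not in the WebMethod's callers, and the nonce store needs a pruning policy matching MaxClockSkewSeconds in a real deployment.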