You might mention to the powers that be that relying on IPs for authentication is a really bad idea. Spoofing IPs is something crackers do all day long.

Is there some reason the usual cookie-based username/password login won't work for you? I implemented a SOAP system for Bricolage which supports a login call and uses standard HTTP cookies for authentication. Put it over SSL and I bet it would be pretty hard to break.

-sam