Definitely Webservice and here are Top 5 reasons
Security You're not granting DB access to anyone but web server/app user.
DB load reduction Web service can cache the data it retrieved from DB.
Ability for fault tolerance the service can switch between primary/DR data sources without having details of fail-over be implemented by service consumers.
Scalability the service can spread requests between several parallel data sources without having details of the resource picking be implemented by service consumers.
Performance tuning Assuming the alternative is clients running their own queries (and not pre-canned stored procedures), you can be 100% sure that they will start using less than optimal queries. Also, if the web service bounds the set of allowable queries, it can help with your database tuning significantly. I must add that this logic is equally applicable to stored procedures, not unique to web services.