If you really don’t want to implement security for backend services and just want to be able to verify the user's identity (which means that you really TRUST, who sends you this information about your identity), you can consider the possibility of transmitting identification information through a custom header with every request.
IClientMessageInspector, , ASP.NET - HttpContext.Current.User.Name BeforeSendRequest. IClientMessageInspector , IEndpointBehavior, ( IClientMessageInspector ).
BeginSendRequest:
public void BeginSendRequest(ref System.ServiceModel.Channels.Message request, IClientChannel channel)
{
string currentContextUserName = HttpContext.Current.User.Identity.Name;
MessageHeader userNameHeader = MessageHeader.CreateHeader("Username", "urn:my-custom-namespace", currentContextUserName);
request.Headers.Add(userNameHeader);
}
, IDispatchMessageInspector . , "" , OperationContext:: IncomingMessageHeaders.