I am creating a WCF service that needs to be protected, because the information that the client exchanges with the service is company sensitive. I plan to post it on IIS6. What would be the best practice to make sure that no one except the client application can call the service to receive / install data?
Service calls must be made under the real user ID, since all calls must be monitored and verified. I plan to use PolicyInjection for auditing.