Following my previous note, I want each service have its own authentication mechanics, maybe some public services and some sharing the same authentication manager.
To do so, I will set up different behaviors in my web.config in the servicebehaviors section, and make sure each service points to the corresponding behavior:
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior name="ProductionServiceBehavior">
<serviceAuthorization serviceAuthorizationManagerType="WCFWebHttp.APIKeyAuthorization, WCFWebHttp" />
</behavior>
<behavior name="PublicServiceBehavior">
<serviceMetadata httpGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
</serviceBehaviors>
</behaviors>
<services>
<service name="WCFWebHttp.ProductionService" behaviorConfiguration="ProductionServiceBehavior">
</service>
</services>
Now, all I need to do is to implement my APIKeyAuthorization class. This class inherits from ServiceAuthorizationManager and overrides CheckAccessCore to validate the request and send an Error response if not validated.
For detailed information about this class see the original article on:
MSDN.