Authenticating Users via Restful WCF services on Azure IIS Server

I'd like to write a mobile location based application (iPhone, Andorid and BlackBerry) that will get and post data to my web server (hosted on Azu开发者_如何学Gore IIS) via WCF restful services.

What is the best way to authenticate my users?

REST authentication can be done custom (like API key auth), or using something like Basic Auth or OAuth. It depends slightly on the interaction you want. You can certainly use ACS to pretty easily secure a REST based service. However, this depends again on what you think you will have in terms of interaction.

As a starting point, I would look here at least (http://acs.codeplex.com/) to see how to use ACS and get started.

I'm doing something similar and I'm using encrypted tokens in my headers.

I'm sure there's a "standard" way of doing that sort of thing, but it was a lot easier just doing it myself.

Basically just using a shared secret to encrypt and a bit of:

WebOperationContext.Current.OutgoingResponse.Headers.Add("sec-token", WebSecurity.CreateToken(blah));

and

string inputToken = WebOperationContext.Current.IncomingRequest.Headers["sec-token"];