
Securing JSON calls to WCF service

I have a method in my WCF service which can delete a user. This functionality is available VIA a JSON call to my WCF method. (IE: Users/Delete/20 will delete user 20.) How can I make it so someone typing in Users/Delete/20 will not have access to delete the user? Or someone faking a JSON request. I have read up on the ValidateAntiForgeryToken attribute, but that doesn't seem to help me. Am I using it wrong?


The function to delete a user has probably been implemented because certain people are indeed allowed to delete a user. What your service needs is authentication (identifying the user) and authorization (checking that only permissioned users can execute certain methods).

If you have authentication and authorization in place, then you don't need to worry about what client accesses your service.

I could be more specific if you provide more information. Who's allowed to delete users? What client are they using for that? Who's not allowed to delete users? Can those who are allowed to delete users delete any users? Or can they only delete certain users (such as those belonging to the same department)?

(And please make your delete method a method that can only be executed as a POST request and not as a GET request.)

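As an added example (not the poster's or the answerer's code), this is what the answer's advice looks like on a WebHttp/JSON WCF endpoint: the operation is POST-only, role-based authorization is enforced with PrincipalPermission on top of the identity ASP.NET already authenticated, and a per-record check limits an admin to users in their own department. The "UserAdmin" role, the UserStore class and its sample data are assumptions made for the example.

```csharp
using System.Collections.Generic;
using System.Net;
using System.Security.Permissions;
using System.ServiceModel;
using System.ServiceModel.Activation;
using System.ServiceModel.Web;
using System.Web;

[ServiceContract]
public interface IUserService
{
    // POST only: a GET to Users/Delete/20 typed into a browser is refused with 405.
    [OperationContract]
    [WebInvoke(Method = "POST", UriTemplate = "Users/Delete/{id}",
               ResponseFormat = WebMessageFormat.Json)]
    bool DeleteUser(string id);
}

// Compatibility mode lets WCF see the identity ASP.NET authenticated (forms cookie
// or Windows auth), so the operation never runs for an anonymous caller.
[AspNetCompatibilityRequirements(
    RequirementsMode = AspNetCompatibilityRequirementsMode.Required)]
public class UserService : IUserService
{
    // Authorization: only members of the assumed "UserAdmin" role reach the body.
    [PrincipalPermission(SecurityAction.Demand, Role = "UserAdmin")]
    public bool DeleteUser(string id)
    {
        var response = WebOperationContext.Current.OutgoingResponse;
        string caller = HttpContext.Current.User.Identity.Name;

        // Per-record authorization: a valid login alone does not mean "delete anyone".
        if (!UserStore.SameDepartment(caller, id))
        {
            response.StatusCode = HttpStatusCode.Forbidden;
            return false;
        }
        UserStore.Remove(id);
        return true;
    }
}

// Constructed in-memory stand-in for the real user store (name or id -> department).
static class UserStore
{
    static readonly Dictionary<string, string> Dept = new Dictionary<string, string>
        { { "alice", "sales" }, { "20", "sales" }, { "21", "hr" } };
    public static bool SameDepartment(string a, string b) =>
        Dept.ContainsKey(a) && Dept.ContainsKey(b) && Dept[a] == Dept[b];
    public static void Remove(string id) => Dept.Remove(id);
}
```

The host's web.config needs `<serviceHostingEnvironment aspNetCompatibilityEnabled="true"/>` and `<serviceAuthorization principalPermissionMode="UseAspNetRoles"/>` for the role demand to consult ASP.NET's role provider. With cookie-based authentication a POST can still be submitted from another site, so the GET restriction stops link- and image-triggered deletes but a request token or custom header check is still needed to cover the forged-request case.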
