WCF consumed by CF application
I have a WCF web service that needs to be consumed by a ColdFusion application. That's not the real problem. The problem is that the service runs under IIS with a specific user. How can I tell, when the target application is calling the service, that the specific application is calling the service and not a ghost app?
For example:
Application x is calling service y and it should be okay. Also, application z is calling service y and it shouldn't be allowed to do so.
Based on comments in the answer from @Justin, it seems the CF client can only support the WS-I Basic Profile. This uses the built-in HTTP Basic authentication mechanism. Here is an article that explains how to configure a WCF service for this mode of authentication.
This article explains how you need to configure IIS to actually support HTTP Basic authentication. You can skip creating a custom authenticator if you set the IIS host machine to have either a local machine (preferred) or domain Windows account that matches the user name and password submitted to the service. Otherwise, the custom validator you write will determine who is authorized to invoke your service.
To respond to comment question: If you didn't configure IIS as in the second article, then you would get anonymous as the user of your service.
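A custom validator of the kind the answer above mentions, as an added example that is not part of the original answers or the linked articles: a WCF `UserNamePasswordValidator` that accepts only known client applications. The class name, the client id `cf-app-x` and its secret are constructed for illustration; it assumes .NET Framework 4.0 or later with a reference to System.IdentityModel.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography;

// Hypothetical validator: names and sample values are constructed, not from the page.
public class ClientAppValidator : UserNamePasswordValidator
{
    private const int Iterations = 100000;

    private sealed class Entry { public byte[] Salt; public byte[] Hash; }

    // One entry per authorized calling application. The secret is hashed at
    // start-up here only to keep the sample self-contained; a real service
    // would load precomputed salt/hash pairs from protected storage.
    private static readonly Dictionary<string, Entry> Allowed =
        new Dictionary<string, Entry>(StringComparer.Ordinal)
        {
            { "cf-app-x", MakeEntry("constructed-sample-secret") }
        };

    private static Entry MakeEntry(string secret)
    {
        var salt = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
        return new Entry { Salt = salt, Hash = Derive(secret, salt) };
    }

    private static byte[] Derive(string secret, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(secret, salt, Iterations))
            return kdf.GetBytes(32);
    }

    // Compare without returning early, so timing does not reveal how many bytes matched.
    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    // WCF calls this for each request; throwing rejects the caller.
    public override void Validate(string userName, string password)
    {
        Entry entry;
        bool ok = userName != null && password != null
                  && Allowed.TryGetValue(userName, out entry)
                  && FixedTimeEquals(Derive(password, entry.Salt), entry.Hash);
        // Same message for an unknown client and a wrong password.
        if (!ok) throw new SecurityTokenException("Unknown client or wrong password.");
    }
}
```

WCF invokes the class when the service behavior's `serviceCredentials`/`userNameAuthentication` element sets `userNamePasswordValidationMode="Custom"` and `customUserNamePasswordValidatorType` to this type. Basic credentials are only base64-encoded on the wire, so the endpoint needs HTTPS.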
It sounds like you need to set up some sort of authentication for your WCF Service:
Security Messages Using Message Security
The long and short of it is that you would provide a token or username/password to authorized applications and then they would pass that information to you along with their request. You can then validate that the calling application is authorized to use your service or not.
If you are talking about the security on your WCF service, the answer would be to apply a security layer. For example, you could do basic security, where each authorized application uses a username and password to access the service. However, if you want something like Active Directory authentication, you will need to use a more complex authentication setup. One way to do that would be to use WIF (http://msdn.microsoft.com/en-us/magazine/ee335707.aspx). There are some good examples out there of how that can be implemented to allow for more secure WCF applications.