How do I implement Security in my WCF service

I have a small website with simple data (e.g. calendar bookings). The website is readonly but you need to be logged in to view it (like at the dentists). I use asp.net membership for this so i have the membership up and running.

I want to provide an API for creating booking for some of my customers, i want to provide them with a WCF service so they can create their own bookings. It would be preferable to allow both http and tcp connections. Everything is running across the internet (some in different countries).

What kind of secur开发者_开发知识库ity do I need, i want the simplest solution (not state-of-the-art banking/government security - but simple soccer-club security), it would be enough to let me know the API key supplied each time. But how do I implement this? Should i use the asp.net membership, or manually chech the API key (should i do this each time the service is used - seems like a lot of overhead).

Any suggestions are very welcome.