WCF Internal Only Endpoint

We have a suite of WCF services that are exposed to the outside world. I want to add a new service to the mix, but I want to restrict this one to internal access only - basically, within our domain. What is the path of least resistance to adding开发者_如何学JAVA another service to this setup, but configuring the endpoint to be accessible internally only?

If you mean by within our domain, you could most likely:

• use the netTcpBinding - this is not interoperable, and doesn't do well over the internet
• use Windows credentials for your service authentication; anyone not member in your AD won't be allowed to call those methods in that case

Map the service to some port and then configure the server's firewall to allow only domain machines to access that port.

Least Resistance? Maybe, decorate the operation with:

[PrincipalPermission(SecurityAction.Demand, Role = "YourWindowsDomainRole")]

I guess it depends on the security context the operation is invoked with