WCF WebService Security: How do I use security on a WebService?
I created a simple .NET WebService (it just passes back a string). How do I modify the server side (and possibly the client side) so that it also uses a username/password to validate before sending a response?
Client Code:
    static void Main(string[] args)
    {
        UpdateClient client = new UpdateClient("UpdateSOAPIIS");
        client.ClientCredentials.UserName.UserName = "Michael";
        client.ClientCredentials.UserName.Password = "testpassword";
        String response = client.GetString("New York, NY");
        Console.WriteLine(response);
        if (client != null) client.Close();
    }
Server Code:
    public virtual GetStringResponse GetString(GetStringRequest request)
    {
        return new GetStringResponse("Search Location: " + request.location);
    }
I recommend reading Juval Lowy's excellent article Declarative WCF Security. He describes five common scenarios (intranet, internet, b2b, anonymous, no security at all) and shows what that means, how to accomplish that etc.
He even goes as far as creating declarative attributes that you can basically just put on your service declaration and be done with it.
Those security scenarios should really cover at least 80%, if not 95% of your typical cases. Study them and use them! Highly recommended.
It really depends on what kind of security you want. Should the protocol be encrypted, should the data be encrypted, or do you just want to authenticate a user? In the last case you can just go ahead and use whatever technology you want to verify that the user has permissions to use the API. For other options and some code, check out this MSDN article http://msdn.microsoft.com/en-us/library/ms731925.aspx
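The username/password check asked about in the question, as an added example that is not part of the original posts: a custom `UserNamePasswordValidator` wired into a `ServiceHost`. `UpdateUserValidator`, `HostSetup` and the in-memory user store are hypothetical names, and self-hosting at an HTTPS address is an assumption.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography;
using System.ServiceModel;
using System.ServiceModel.Security;

public class UpdateUserValidator : UserNamePasswordValidator
{
    // Hypothetical in-memory store, user -> (salt, PBKDF2 hash); stands in for a real credential store.
    static readonly Dictionary<string, Tuple<byte[], byte[]>> Users = new Dictionary<string, Tuple<byte[], byte[]>>();
    public static void AddUser(string user, string password)
    {
        var salt = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
        Users[user] = Tuple.Create(salt, Hash(password, salt));
    }
    static byte[] Hash(string password, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, 100000)) return kdf.GetBytes(32);
    }
    // WCF calls this for every message that carries a UserName token.
    public override void Validate(string userName, string password)
    {
        Tuple<byte[], byte[]> e = null;
        bool ok = userName != null && password != null && Users.TryGetValue(userName, out e);
        byte[] actual = ok ? Hash(password, e.Item1) : new byte[32];
        int diff = 0; // compare without an early exit on the first differing byte
        for (int i = 0; ok && i < actual.Length; i++) diff |= actual[i] ^ e.Item2[i];
        // Same error for an unknown user and for a wrong password.
        if (!ok || diff != 0) throw new SecurityTokenException("Invalid credentials.");
    }
}

public static class HostSetup
{
    public static ServiceHost Create(Type service, Type contract, Uri httpsAddress)
    {
        // HTTPS protects the channel; the UserName token travels in the SOAP header.
        var binding = new BasicHttpBinding(BasicHttpSecurityMode.TransportWithMessageCredential);
        binding.Security.Message.ClientCredentialType = BasicHttpMessageCredentialType.UserName;
        var host = new ServiceHost(service, httpsAddress);
        host.AddServiceEndpoint(contract, binding, "");
        var auth = host.Credentials.UserNameAuthentication;
        auth.UserNamePasswordValidationMode = UserNamePasswordValidationMode.Custom;
        auth.CustomUserNamePasswordValidator = new UpdateUserValidator();
        return host;
    }
}
```

Under IIS hosting the same two settings go on the `userNameAuthentication` element of the service behavior in web.config (`userNamePasswordValidationMode` and `customUserNamePasswordValidatorType`). The client binding has to use the same security mode for the `ClientCredentials.UserName` values to be sent.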