Security on a WCF public web service

I'm building a complex, public web service in WCF that send email to a specific addre开发者_如何学Css, similar to a contact form but with some features. With jQuery I get the data from the textbox and with Ajax and json I send to the web service the strings to proceed at the send.

Now, is there a good way to make it secure?

I mean.. the service is public so someone can have access to it and starting to spam on this address. Can I restrict the users to use the web service only from the correct web site?

Thanks.

IF the WCF service is hosted in the IIS you can allow calls only from a specific IP address, look at the directory security settings under IIS.

By far the simplest way is to have your web service require some type of access key in order to run the operation.

Something simple like a base64 encoded GUID would work. It doesn't even have to change. Just add a parameter called "AccessKey" or something similar. Have your app pass that and let the service validate that it is good.

Another idea is to have the web service check the http headers to see if it came from the page you authorized to use it.

Neither of those are perfect. The first one means that your "key" will be inside the html you send to the client. The second one can be spoofed.

Personally, I'd probably not bother at this level and just log what the service is doing. If the traffic counts to the service start to exceed what you think it ought to be, then I'd investigate ways to mitigate it. Most likely, given that it's a service you won't see any issues.