Secure WCF service

I am very new to using WCF services. Right now I have a WCF servi开发者_StackOverflowce that I call using jQuery. I'm concerned about users making unauthorized calls to the service. What would be the best way to secure my service?

If this is a browser app and you're worried about security, presumably you already have some sort of authentication mechanism (cookies, sessions, something). All these are accessible from WCF services (I'm assuming you're using webHttpBinding or basicHttpBinding?) via the WebOperationContext.Current.IncomingRequest property. You can check/validate a cookie (or whatever else) from your service code, or write a cross-cutting MessageInspector to apply the check to all methods on your service behavior. WCF services also can be integrated with traditional ASP.NET authentication (forms, etc) if you host the service with the compatibility flag. The browser app logs in normally, and your service can consume the credential/token/whatever.

you can use a certificate to sign the WCF messages (it's all in the WCF Settings) on both sides (client and server)

Here is some detailed explanation:

Message Security