If you need to authorize access to WCF operations, use declarative authorization
Jason Taylor, Prashant Bansode, Carlos Farre, Madhu Sundararajan, Steve Gregersen
Use declarative role-based authorization to authorize access to WCF operations. Declarative authorization can be added by specifying required access for a particular method declared as an attribute on the operation.
Declarative authorization checks will work if you are using the aspnet role provider or windows groups.
The following code example shows how to use the PrinciplePermission attribute to perform declarative authorization:
[PrincipalPermission(SecurityAction.Demand, Role = "accounting")]
public double Add(double a, double b)
return a + b;
If you need to make finer-grained authorization decisions based on business logic, use imperative authorization instead.