i have a asp.net web app in which i take system logon name and grant him access if the user is a member of a particular AD group(PrimeMembers)
Now we have moved the authentication code to a WCF Service(IsPrimeMember), and we got another WCF Service(GetProfiles) which calls IsPrimeMember before providing data
Now the question, If i would have called the IsPrimeMember service in my asp.net app I can safely get Logon ID from HttpContext.Current.User.Identity.Name.ToString and would not be tampered. But when i provide the service via URL and open to a group of memmbers members may try to get access by trying different combinations of logon ID's as querystring.
One thing is we can provide some Key(like Private Key) as ask them to pass along with URL.
any other thoughts how this can be achieved
