I'm trying to create a flexible security infrastructure for our WCF services on our intranet, but I'm not quite sure where I should be putting this code... there are so many different ways to extend WCF that I don't know for sure where to begin...
The basic idea: every time my service is called - for any operation - I want some code to run that does a custom access check using our existing security infrastructure to see if the user has access to perform the operation. If the user isn't authorized, I want it to throw an exception or something (not sure what it should do really) and prevent the call from ever making it to my service code.
Thoughts?
Thanks