Web Service - PrincipalPermission(SecurityAction.Demand

Question

For proof of concept and learning purposes, I'm trying to do the most simple possible use of SecurityAction.Demand as follows:

[PrincipalPermission(SecurityAction.Demand, Role = @"MyDomain\MyGroup")]
public string GetData(int value)
{
    return string.Format("You entered: {0}", value);
}

I wrote a console test program, and I'm getting the System.ServiceModel.Security.SecurityAccessDeniedException, even though I'm a member of the group specified above.

I've read a lot of docs and blogs which have left me totally confused. I seem to be getting lost in the number of permutations of things to try.

Questions:

1. Do I need to publish to IIS instead of using Cassini inside Visual Studio?

2. Does it work only with wsHttpBinding? I created a .NET console test program, added a service-reference and it defaulted to basicHttpBinding, even though some blogs and examples I was looking indicated that a Service Reference should be wsHttpBinding.

3. What are the minimum changes to the binding file to get this to work. I know have to change some parms to set security mode to Windows, but first I need to make sure I'm in the proper bindings (thus question #2 above).