Resource permissions

Topics: Web Api
Dec 21, 2011 at 10:31 AM

I have set up a Web Api service using the self hosting method. For this, my first attempt, I have chosen SSL + Basic Auth for security. I have followed this approach: http://pfelix.wordpress.com/2011/04/21/wcf-web-api-self-hosting-https-and-http-basic-authentication/

Now, I'd like to protect the user resources from others. For example, http://mydomain.com/contacts/2323/email should be accessible to the user 2323, but it should not be accessible to the user 1234 or others. What is the best approach to do this? How can I protect user resources? My first thought was to do this on every method, using the IPrincipal object coming from OperationHandler. But I guess there is a better solution.

Thanks in advance and keep up your great job guys!!
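
The ownership check described in the post, gathered into one deny-by-default helper, as an added example that is not part of the original post and not WCF Web API code. The `ContactResourceGuard` class and its methods are hypothetical, and it assumes the Basic Auth user name on the `IPrincipal` is the same identifier that appears in the `/contacts/{ownerId}/...` URI.

```csharp
using System;
using System.Security.Principal;

// Hypothetical helper: one place that decides whether the authenticated caller
// owns the resource named in the request URI, so individual operations do not
// each repeat the comparison.
public static class ContactResourceGuard
{
    // Assumed URI layout, taken from the post: /contacts/{ownerId}/...
    public static bool TryGetOwnerId(Uri requestUri, out string ownerId)
    {
        ownerId = null;
        string[] parts = requestUri.AbsolutePath.Split(
            new[] { '/' }, StringSplitOptions.RemoveEmptyEntries);
        if (parts.Length < 2 ||
            !parts[0].Equals("contacts", StringComparison.OrdinalIgnoreCase))
            return false;
        ownerId = Uri.UnescapeDataString(parts[1]);
        return ownerId.Length > 0;
    }

    // Assumption: the authenticated user name equals the owner id in the URI.
    public static bool IsAllowed(IPrincipal caller, Uri requestUri)
    {
        if (caller == null || caller.Identity == null || !caller.Identity.IsAuthenticated)
            return false;   // no authenticated identity: deny
        string ownerId;
        if (!TryGetOwnerId(requestUri, out ownerId))
            return false;   // not a recognised owner-scoped URI: deny by default
        // Ordinal comparison: exact match only, no culture or numeric coercion.
        return string.Equals(caller.Identity.Name, ownerId, StringComparison.Ordinal);
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample input: the URI from the post and three callers.
        var uri = new Uri("http://mydomain.com/contacts/2323/email");
        var owner = new GenericPrincipal(new GenericIdentity("2323", "Basic"), new string[0]);
        var other = new GenericPrincipal(new GenericIdentity("1234", "Basic"), new string[0]);
        var anon = new GenericPrincipal(new GenericIdentity(""), new string[0]);

        Console.WriteLine(ContactResourceGuard.IsAllowed(owner, uri)); // caller 2323
        Console.WriteLine(ContactResourceGuard.IsAllowed(other, uri)); // caller 1234
        Console.WriteLine(ContactResourceGuard.IsAllowed(anon, uri));  // unauthenticated
    }
}
```

Calling `IsAllowed` once, at the point in the request pipeline where the principal becomes available, keeps the decision out of the individual operations; a request it rejects should be refused before any resource data is read.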