ASP.NET authorization works great with WCF Web. All you have to do is create a physical directory that corresponds to your route, and add a web.config file with the appropriate markup. For example, add a web.config file with these contents:
in a folder called "Private" in your web service. This will deny access to any route starting with "Private" to anybody not in the "RegisteredUsers" role.
So you will need to make all your "locked down" routes start with "Private". For example, "Private/Route1" and "Private/Route2".
It's really convenient that ASP.NET checks for the existence of web.config files in physical folders to perform authorization checks on resources that don't have a physical file presence.
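The web.config markup referred to above is not preserved on this page. A configuration matching the description, as an added example rather than the author's original file (it assumes role membership comes from the site's configured role provider):

```xml
<?xml version="1.0"?>
<!-- Private/web.config (added example; the folder and role names are taken from the text above) -->
<configuration>
  <system.web>
    <authorization>
      <!-- Rules are evaluated top to bottom and the first match wins,
           so the allow rule must come before the catch-all deny. -->
      <allow roles="RegisteredUsers" />
      <!-- "*" matches every user, anonymous or authenticated. Using "?" here
           would block only anonymous users and let any signed-in user
           outside the role through. -->
      <deny users="*" />
    </authorization>
  </system.web>
</configuration>
```

To check the rule, request a route under "Private" once anonymously and once as a signed-in user who is not in "RegisteredUsers"; both requests should be refused.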