I’ve an ASP.NET MVC web app which is meant to be used within the enterprise. This web app has a custom authentication implementation. The controller functions will call self-hosted WCF services running in the same machine to perform certain operations. Right now, anyone can call the self-hosted WCF function directly to perform the operations. I want to prevent this and only allow users of my ASP.NET MVC web app to call the WCF services. What is the efficient way to secure my WCF service without performance impact.