To do so, I will set up different behaviors in my web.config in the servicebehaviors section, and make sure each service points to the corresponding behavior:
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior name="ProductionServiceBehavior">
<serviceAuthorization serviceAuthorizationManagerType="WCFWebHttp.APIKeyAuthorization, WCFWebHttp" />
</behavior>
<behavior name="PublicServiceBehavior">
<serviceMetadata httpGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
</serviceBehaviors>
</behaviors>
<services>
<service name="WCFWebHttp.ProductionService" behaviorConfiguration="ProductionServiceBehavior">
</service>
</services>
Now, all I need to do is to implement my APIKeyAuthorization class. This class inherits from ServiceAuthorizationManager and overrides CheckAccessCore to validate the request and send an Error response if not validated.
For detailed information about this class see the original article on:
MSDN.