I will be hosting a basic HTTP WCF service using a Windows Service / ServiceHost.
I would like to limit the service to 2 specific Windows Active Directory users, and these accounts will vary between PRD and DEV environments, so they will be set in a config file.
I was wondering what the best way to do this is. I know normally if I was hosting the service using IIS then I could limit it in the Web.config:
http://www.rickgaribay.net/archive/2007/04/04/recipe-wcf-basichttpbinding-with-windows-authentication.aspx
However, since I’m hosting using ServiceHost, I don’t believe this is an option.
From what I read, it seems possible to do this using the PrincipalPermission declarative attribute at the service class level:
http://msdn.microsoft.com/en-us/library/vstudio/ms731200(v=vs.100).aspx
However, I’m not too clear whether this will pass the Windows account of the Windows service or the account which made the HTTP request. What I need is to pass the HTTP request account.
Also, with declarative attributes, is it possible to use a config file attribute rather than a hard-coded one?
Any suggestions? If you need any more info then let me know.
I found the following article suitable for what I needed; basically, it involved authorisation using a behavior:
http://allen-conway-dotnet.blogspot.co.uk/2010/01/how-to-create-aspnet-windows.html
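One way to restrict a self-hosted service to accounts named in a config file, as an added example that is not taken from the post or the linked articles. The `AllowedUsers` appSettings key, the `IPingService`/`PingService` types and the listen address are assumptions made for illustration.

```csharp
using System;
using System.Configuration;   // requires a reference to System.Configuration.dll
using System.Linq;
using System.ServiceModel;

[ServiceContract]
public interface IPingService { [OperationContract] string Ping(); }   // hypothetical contract

public class PingService : IPingService
{
    public string Ping() { return "pong"; }
}

// Allows only callers whose Windows account is listed in app.config.
public class ConfiguredUsersAuthorizationManager : ServiceAuthorizationManager
{
    private readonly string[] allowed;

    public ConfiguredUsersAuthorizationManager()
    {
        // Assumed setting: <add key="AllowedUsers" value="DOMAIN\user1;DOMAIN\user2" />
        string raw = ConfigurationManager.AppSettings["AllowedUsers"] ?? string.Empty;
        allowed = raw.Split(new[] { ';' }, StringSplitOptions.RemoveEmptyEntries)
                     .Select(u => u.Trim()).ToArray();
    }

    protected override bool CheckAccessCore(OperationContext operationContext)
    {
        ServiceSecurityContext ctx = operationContext.ServiceSecurityContext;
        if (ctx == null || ctx.IsAnonymous) return false;   // fail closed
        // Identity authenticated on the HTTP request, not the service's own account.
        string caller = ctx.WindowsIdentity.Name;
        return allowed.Contains(caller, StringComparer.OrdinalIgnoreCase);
    }
}

public static class Program
{
    public static void Main()
    {
        // Windows authentication over plain HTTP, so the caller's identity is available.
        var binding = new BasicHttpBinding(BasicHttpSecurityMode.TransportCredentialOnly);
        binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Windows;
        using (var host = new ServiceHost(typeof(PingService), new Uri("http://localhost:8080/ping")))
        {
            host.AddServiceEndpoint(typeof(IPingService), binding, string.Empty);
            host.Authorization.ServiceAuthorizationManager = new ConfiguredUsersAuthorizationManager();
            host.Open();
            Console.ReadLine();   // keep the host alive; a Windows Service would do this in OnStart/OnStop
        }
    }
}
```

An empty or missing `AllowedUsers` value denies every caller, so a PRD or DEV config that omits the key fails closed rather than open.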