ADO.net Webservice with authentication

I have 2 databases. One (DB 'A') consists of all my clients usernames & passwords. The other (DB 'B') has company data. I want to have the company data (DB 'B') to be privy to only my clients that exist in (DB 'A'). (** There is no correlation between the DBs.**) I've created a simple ADO.NET (WCF) data webservice that lists the (DB "B") data but I haven't placed any authentication on the webservice. I have a client app that will be sending a HTTP request with a username & password in the header. This is what I have so far: public class webservice : DataService<myEntities> { public static void InitializeService(DataServiceConfiguration config) { // Set rules to indicate which entity sets and service operations are visible, updatable, etc. config.SetEntitySetAccessRule("DB 'A'", EntitySetRights.None); config.SetEntitySetAccessRule("DB 'B'", EntitySetRights.AllRead); config.SetServiceOperationAccessRule("*", ServiceOperationRights.All); config.DataServiceBehavior.AcceptCountRequests = true; config.DataServiceBehavior.AcceptProjectionRequests = true; config.DataServiceBehavior.MaxProtocolVersion = System.Data.Services.Common.DataServiceProtocolVersion.V2; config.SetEntitySetPageSize("*", 5); } [QueryInterceptor("DB 'B'")] public Expression<Func<table_name, bool>> MyFilter() { var myData = from x in (DB 'A') where client_app_username = DB.A.username && client_app_password = DB.A.password select x if (myData.Count() == 1) return (DB 'B') => true; else return (DB 'B') => false; } } The classes/files that I have so far are: * webservice class (pasted above) * Default.aspx * An edmx file that retrieves data from my SQL server You will have to complete the QueryInterceptor and also construct any other classes/files (for example, for OAuth) needed to access the HTTPS header post. Also, I'd like to know the details of what you have done. Thanks.