Ok, I figured it out, and its kind of slick, in my opinion.
I implemented an IP Filter system as a service behavior, then added it to my service in the web.config. Here's my new web config behaviors section:
<serviceBehaviors>
<behavior name="ServiceBehaviour">
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
<behavior name="RestrictedServiceBehaviour">
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
<IPFilter filter="172.*.*.* 127.0.0.1" />
</behavior>
</serviceBehaviors>
The IPFilter class implements IDispatchMessageInspector to catch the request as soon as possible, inspect the client IP and throw an exception if it doesn't match the filter. If anyone's interested I can post my code.
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…