If your remote component exposes sensitive data or operations, it must authenticate its callers to support authorization. The .NET Framework remoting infrastructure does not define an authentication model. The host should handle authentication. For example, you can use ASP.NET to benefit from ASP.NET and IIS authentication features.
If you use a custom Windows service host, develop a custom authentication solution.
The following guidelines apply if you use the ASP.NET host with the HttpChannel:
Turn off anonymous authentication in IIS.
Configure ASP.NET for Windows authentication.
Configure client credentials.
Increase performance with authenticated connection sharing.
Force clients to authenticate with each call.