You create a Windows Communication Foundation (WCF) service by using Microsoft Visual Studio .NET 2008 and the .NET Framework 3.5.
The service exposes two endpoints. The first endpoint is configured to use the Issued Tokens authentication method. The second endpoint is configured to use the Digital Certificates authentication method. Additional endpoints along with different authentication mechanisms will be created in the future.
You plan to define the authorization strategy for the service. You need to ensure that the WCF service meets the following requirements:
– Authorization rules for validation are the same, regardless of the type of the user credential.
– Users are prevented from executing restricted WCF operations.
– Fine-grained authorization is provided to protected resources.
What should you do?

A.
Use the System.Security.Permissions.PrincipalPermission class.

B.
Use Identity Model to implement a claims-based authorization strategy.

C.
Use the System.Security.Permissions.PrincipalPermissionAttribute attribute.

D.
Use Windows Access Control Lists to implement a resource-based authorization strategy.