William Stacey points out one major problem when using SendHashed and SendNone options. They are both vulnerable to dictionary attack. As he offers to present a solution using custom UsernameTokenManager and Crypto API, I would recommend that you implement SecureConversation and use option SendPlainText. This way your calls can be automatically authorized depending on their group membership. The only drawback is that you must have server certificate, but you can always generate one with makecert.exe util.