I'm working on a WCF service that, at least initially, will only be consumed by an ASP.Net application on the same machine. This may change eventually, but for the time being, all communication with the WCF service will be intra-machine.
Is any sort of security necessary, and indeed, is any sort of authentication necessary? It seems to me that in order to compromise the security, one would have to compromise the security of the machine - nothing from the outside is going to be able to connect in, particularly if I'm using named pipes...
I'm confident in the security of the box - is that good enough?
Seems fine to me. However, I think when doing development getting the base stuff (like secure channels, authentication) figured out early is a good idea. Retro fitting can be a pain.