Yeah making sure the rpc service is only accessible to authenticated users has been easy enough to do, the part I'm running into is being able to check which user is accessing the service