I'm writing a service in AX that you can call and query customer data if you authenticate somehow. What's the most common and generally considered safe method of exposing this externally?
How does one authenticate? Should I wrap the AX web service in C#?
AX allows to expose a WCF web service in the internet through IIS, in the IIS Manager you can configure some rules that provides security in the web site that holds your service such a authorization and autentiacation rules, permisions, etc. See this article.
In the enhanced inbound port you can also configure the WCF Service security in the binding configuration go to TrasportSecurity Properties, MessageSecurity Properties etc.
In the port you can set another security cusmomization if you want deny user access for example. See this
You can see the documentation for the WCF security here msdn.microsoft.com/en-us/library/ms731925(v=vs.110).aspx.
I hope this helps.