What layers of security could I add to Activation Server?

The Activation Server is basically ASP.NET web application. Please see the link below for security practices you could apply to your server.
https://msdn.microsoft.com/en-us/library/zdh19h94.aspx