您可以使用用户名/密码（Forms身份验证）保护您的WCF：

You can secure your WCF using username/password(Forms Authentication):

信息安全与用户名客户端

如果您决定使用会员的身份验证在服务器端配置WFC添加行为配置成员：

If you decide to use membership for Authentication in WFC configuration on server side you add a behavior configuring the Membership:

<behavior name="myBehavior"> 
    <serviceAuthorization principalPermissionMode="UseAspNetRoles" roleProviderName="myRoleProvider"/>
    <serviceCredentials>
        <serviceCertificate findValue="*.mycert.net" storeLocation="LocalMachine" x509FindType="FindBySubjectName"/>
        <userNameAuthentication userNamePasswordValidationMode="MembershipProvider" membershipProviderName="myMembershipProvidewr"/>
    </serviceCredentials>
</behavior>

您WCF能够验证这么简单

Your WCF can be validate as simple as

  [PrincipalPermission(SecurityAction.Demand, Role = "My Role")]
        public bool GetSomething(string param1)
        {
...

您可以在这里找到更多的信息： http://msdn.microsoft.com/en-us/library/ff650067.aspx

You can find additional information here: http://msdn.microsoft.com/en-us/library/ff650067.aspx