For example, if you make self-hosted WCF service it will be "anonymous" unless you specifically implement some kind of authentication :-). Same thing about Web service or ASP.NET.
Probably your idea of authentication is related specifically SSL authentication (
http://msdn.microsoft.com/en-us/library/aa922016.aspx[
^]), not WCF.
Pure WCF has nothing to do with authentication. It's just a wrapper over the channel (like TCP or HTTP) and marshaling functionality. You can think of WCF of a lowers application level over a transport protocol later (which is replaceable). Authentication may or may not be provided on top of it.
Microsoft offers special Windows Communication Foundation Authentication Service which you can choose to use or not:
http://msdn.microsoft.com/en-us/library/bb386582.aspx[
^]. Web Service Authentication:
http://msdn.microsoft.com/en-us/library/ms154673.aspx[
^]. ASP.NET Authentication:
http://msdn.microsoft.com/en-us/library/eeyk640h.aspx[
^].
Will you try this simple sample of Host a WCF Service in IIS from Microsoft:
http://msdn.microsoft.com/en-us/library/ms733766.aspx[
^] — again, not authentication involved.
Maybe, you over-complicate the simple task because of your past experience with secure protocol(s)?
—SA