If you are using username authentication, use SQL Server Membership Provider instead of custom authentication
Jason Taylor, Prashant Bansode, Carlos Farre, Madhu Sundararajan, Steve Gregersen
If you are using username authentication in WCF, do not try to implement your own user authentication mechanism. Use the SQL Server Membership Provider to store your users and manage username/password combinations.
The SQL Server Membership Provider can be integrated into a WCF application to authenticate consumers of your service. Use a WCF binding that supports user name/password credentials, such as the WSHttpBinding and set the client credential type to UserName.
Configure the membership provider in your configuration file to authenticate users against the SQL store.
The following configuration snippet shows how to configure the membership provider:
<membership defaultProvider="SqlMembershipProvider" userIsOnlineTimeWindow="15">
connectionStringName="server=(local);database=aspnetdb;integrated security=true" />