Types of Authentication

    WCF Authentication is basically referred to the verification of the caller who claims to the call the service. Verification of caller will be referring as service authentication. WCF offers various authentication mechanisms  

No authentication:Service does not authenticate its caller and it will allow all clients to access.

Windows authentication: Services use Kerberos when a windows domain service is available or NTLM when deployed in work group configuration. In this mode caller provides the windows credential tickets/token to the service authentication.

User Name/Password: Explicit username and password is provided to authenticate the service.

X509 certificates:In this mode of security, client will send his certificate information to the service communication. Service host will check and validate the caller certificate information to authenticate the service.

Custom mechanism:WCF allows developers to replace the build-in authentication mechanism by providing user own protocol and credential type for authentication.

Issue token:The caller and the service can both rely on a secure token service to issue the client a token that service identify and trust. E.g windows card space