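网上查阅了相关 WCF 的例子,一般都需要证书。对于简单的、安全性要求不高的 WCF 服务,如果寄宿在 IIS 中,其身份验证可以基于 ASP.NET 的窗体验证(Forms Authentication)。需要注意的是,窗体验证的 Cookie 本身就相当于登录凭据,服务应通过 HTTPS 提供,否则口令和 Cookie 都会以明文传输。
该文对“WCF服务中操作FormsAuthentication的Cookie”有详细的说明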
//建立 User 的 WCF 契约
/// <summary>
/// Service contract for the forms-authentication demo: log in, call an
/// operation that depends on the login state, and log out.
/// </summary>
[ServiceContract(Namespace = "")]
public interface IUser
{
    /// <summary>
    /// Sample operation whose reply depends on whether the caller is logged in.
    /// </summary>
    /// <param name="name">
    /// Caller-supplied value. The <c>User</c> implementation in this listing
    /// ignores it and greets the identity carried by the authentication ticket.
    /// </param>
    /// <returns>A message whose <c>Text</c> is the greeting or <c>"notlogin"</c>.</returns>
    [OperationContract]
    LoginMessage DoWork(string name);

    /// <summary>
    /// Checks the supplied credentials and, on success, issues the
    /// forms-authentication cookie.
    /// </summary>
    /// <param name="username">Login name.</param>
    /// <param name="pass">
    /// Password, sent as a plain operation argument.
    /// NOTE(review): nothing in the contract protects it in transit; presumably
    /// the endpoint is meant to sit behind HTTPS. Confirm the binding.
    /// </param>
    /// <returns>A message whose <c>Text</c> is <c>"true"</c> or <c>"false"</c>.</returns>
    [OperationContract]
    LoginMessage Login(string username, string pass);

    /// <summary>
    /// Ends the caller's login.
    /// </summary>
    [OperationContract]
    void SignOut();
}
/// <summary>
/// Data contract returned by every <c>IUser</c> operation; it carries a single
/// text value.
/// </summary>
[DataContract]
public class LoginMessage
{
    /// <summary>
    /// Reply text. The service in this listing fills it with <c>"true"</c>,
    /// <c>"false"</c>, <c>"notlogin"</c> or a <c>"hello ..."</c> greeting.
    /// </summary>
    [DataMember]
    public string Text;
}
//实现接口
// 注意: 如果更改此处的类名 "User",也必须更新 App.config 中对 "User" 的引用。
[AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Allowed)]
public class User : IUser
{
/// <summary>
/// Returns a greeting for the logged-in caller, or <c>"notlogin"</c> when the
/// request carries no authenticated identity.
/// </summary>
/// <param name="name">Not used; the greeting never echoes caller input.</param>
/// <returns>A <see cref="LoginMessage"/> holding the greeting or <c>"notlogin"</c>.</returns>
/// <remarks>
/// The user name comes from <c>HttpContext.Current.User</c>, i.e. from the
/// authentication ticket, not from <paramref name="name"/>, so a caller cannot
/// choose whose name appears. The class is declared with
/// <c>AspNetCompatibilityRequirementsMode.Allowed</c>.
/// NOTE(review): if the host does not enable ASP.NET compatibility,
/// <c>HttpContext.Current</c> is null here. Consider <c>Required</c>.
/// </remarks>
public LoginMessage DoWork(string name)
{
    LoginMessage reply = new LoginMessage();
    reply.Text = UserAuthenticate.isAuthenticate()
        ? "hello " + HttpContext.Current.User.Identity.Name.Trim()
        : "notlogin";
    return reply;
}
/// <summary>
/// Compares the supplied credentials with the demo account and, when they
/// match, issues the forms-authentication cookie.
/// </summary>
/// <param name="username">Login name supplied by the caller.</param>
/// <param name="pass">Password supplied by the caller.</param>
/// <returns>A <see cref="LoginMessage"/> whose <c>Text</c> is <c>"true"</c> or <c>"false"</c>.</returns>
public LoginMessage Login(string username, string pass)
{
    LoginMessage reply = new LoginMessage();

    // NOTE(review): the account and password are literals in the source, which
    // suits a demo only. A deployed service should look the user up in a
    // credential store holding salted password hashes and should throttle
    // repeated failures.
    bool accepted = username == "xgr2004" && pass == "123456";
    if (!accepted)
    {
        reply.Text = "false";
        return reply;
    }

    // This comparison is the only credential check: VerifyUser issues the
    // ticket for whatever name it receives.
    UserAuthenticate.VerifyUser(username, pass);
    reply.Text = "true";
    return reply;
}
/// <summary>
/// Service operation that ends the caller's login by delegating to
/// <c>UserAuthenticate.SignOut</c>.
/// </summary>
public void SignOut()
{
    // The cookie and session handling lives in the shared helper.
    UserAuthenticate.SignOut();
}
//验证部分,这里的代码拷贝自我给出的链接
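/// <summary>
/// Forms-authentication helpers used by the service operations: issue the
/// ticket cookie, test the current request's identity, and sign out.
/// </summary>
/// <remarks>
/// Every member works through <see cref="HttpContext.Current"/>, which a WCF
/// service only receives when it runs in ASP.NET compatibility mode.
/// </remarks>
public class UserAuthenticate
{
    /// <summary>
    /// Issues a persistent forms-authentication ticket for
    /// <paramref name="username"/>, writes it to the response as a cookie, and
    /// makes that identity the current request's user.
    /// </summary>
    /// <param name="username">Name stored in the ticket.</param>
    /// <param name="password">Not read. See remarks.</param>
    /// <returns>Always an empty string.</returns>
    /// <exception cref="InvalidOperationException">
    /// No <see cref="HttpContext"/> is available for the current call.
    /// </exception>
    /// <remarks>
    /// Despite its name, this method checks no credentials. It signs in whatever
    /// name it is given, so the caller must validate the user name and password
    /// before calling it.
    /// </remarks>
    public static string VerifyUser(string username, string password)
    {
        HttpContext context = HttpContext.Current;
        if (context == null)
        {
            // Fail with a clear message instead of a NullReferenceException
            // partway through issuing the cookie.
            throw new InvalidOperationException(
                "UserAuthenticate.VerifyUser requires an HttpContext; enable ASP.NET compatibility mode for the service host.");
        }

        // The original also called FormsAuthentication.SetAuthCookie first.
        // That emitted a second cookie with the same name, which the one built
        // below then superseded, so only the explicit ticket is kept.

        // NOTE(review): a freshly constructed FormsAuthenticationConfiguration
        // appears to carry the default timeout rather than the value from the
        // site's forms configuration. Confirm, and read the configured value
        // (FormsAuthentication.Timeout on .NET 4+) if the two must agree.
        System.Web.Configuration.FormsAuthenticationConfiguration formsConfig = new System.Web.Configuration.FormsAuthenticationConfiguration();

        // Take the clock once so the issue and expiry times derive from the same instant.
        DateTime issuedAt = DateTime.Now;

        // Create the authentication ticket.
        FormsAuthenticationTicket formAuthTicket = new FormsAuthenticationTicket(
            1,                                                     // ticket version
            username,                                              // user name
            issuedAt,                                              // issue time
            issuedAt.AddMinutes(formsConfig.Timeout.TotalMinutes), // expiry time
            true,                                                  // persistent: the cookie outlives the browser session
            "");                                                   // user data

        // Encrypt the ticket and store the ciphertext in the cookie.
        string encryptedTicket = FormsAuthentication.Encrypt(formAuthTicket);
        HttpCookie authCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encryptedTicket);
        authCookie.HttpOnly = true; // keep the ticket out of reach of page script
        authCookie.Path = FormsAuthentication.FormsCookiePath;

        // Secure is only set when the forms configuration demands SSL. Without
        // that setting the ticket cookie is also sent over plain HTTP.
        authCookie.Secure = FormsAuthentication.RequireSSL;
        if (FormsAuthentication.CookieDomain != null)
        {
            authCookie.Domain = FormsAuthentication.CookieDomain;
        }
        if (formAuthTicket.IsPersistent)
        {
            authCookie.Expires = formAuthTicket.Expiration;
        }

        // Set (rather than Add) replaces any cookie of the same name already
        // queued on this response, so exactly one ticket cookie is sent.
        context.Response.Cookies.Set(authCookie);

        // Make the new identity visible to the remainder of this request.
        FormsIdentity identity = new FormsIdentity(formAuthTicket);
        GenericPrincipal principal = new GenericPrincipal(identity, null);
        context.User = principal;

        // The original's second, unreachable "return null;" has been removed.
        return "";
    }

    /// <summary>
    /// Reports whether the current request carries an authenticated identity.
    /// </summary>
    /// <returns>
    /// <c>true</c> when the request's identity is authenticated. <c>false</c>
    /// otherwise, including when no context, user or identity is available.
    /// </returns>
    public static bool isAuthenticate()
    {
        HttpContext context = HttpContext.Current;

        // Fail closed: a missing context or principal means "not logged in",
        // not an unhandled NullReferenceException.
        if (context == null || context.User == null || context.User.Identity == null)
        {
            return false;
        }
        return context.User.Identity.IsAuthenticated;
    }

    /// <summary>
    /// Removes the forms-authentication cookie and clears the session values.
    /// </summary>
    /// <remarks>
    /// <c>FormsAuthentication.SignOut</c> only expires the cookie in the
    /// browser. The server keeps no record of issued tickets, so a copy of the
    /// ticket stays valid until its expiry time. Short timeouts and HTTPS limit
    /// that window.
    /// NOTE(review): <c>Session.Clear</c> keeps the session id, so consider
    /// <c>Session.Abandon</c> if the session itself should end at logout.
    /// </remarks>
    public static void SignOut()
    {
        HttpContext context = HttpContext.Current;
        if (context == null)
        {
            // No request context means there is no cookie or session to clear.
            return;
        }

        FormsAuthentication.SignOut();

        // Session is null when session state is unavailable for the request.
        if (context.Session != null)
        {
            context.Session.Clear();
        }
    }
}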
本例子演示如上图所示
当点击“登录”且用户名为 xgr2004、密码为 123456 时登录成功;成功登录后再点“操作”,就会显示“hello 用户名”
反之,如果没有登录,就显示 notlogin
大家拍板
附代码