Authentication approaches for WCF REST

I have a WCF REST file server that validates users by taking in two additional parameters, username and password, with each request. e.g., System.IO.Stream Download(string username, string password, int fileid)

I wanted to use GET for all methods, but I can't do this since I don't want the username and password visible in the address bar. Instead, I'm using POST which isn't exactly bullet proof, but still a better choice than GET in this case.

Are there any other better approaches to user validation excluding basic HTTP authentication? Preferably something that would let me use GET without having to include the usernames and passwords in the URL.


Trying to hide the username and password by changing the Http Method from GET to POST has basically no added security. Even very untechnically challenged people can use just about any program to see what data is being sent to the server.

Now beyond the obvious username password issue, you could use HTTP Headers instead of QueryString parameters to pass values back to a WCF Service (RESTful). This would allow you to use the GET method and still pass the username and password without those specific values existing in the URL, but again, this is virtually no added security.

0
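
The header-based variant described in the answer above, as an added example (not code from the question or the answer): a self-hosted WCF REST service whose GET URL carries only the file id. The header names X-Username and X-Password, the files/{fileid} route, the localhost:8080 address and the demo account are assumptions. As the answer says, this only moves the credentials out of the URL; they are still sent as-is in the request.

```csharp
using System;
using System.IO;
using System.Net;
using System.ServiceModel;
using System.ServiceModel.Web;
using System.Text;

[ServiceContract]
public interface IFileService
{
    // GET /files/42: the URL carries only the file id, no credentials.
    [OperationContract]
    [WebGet(UriTemplate = "files/{fileid}")]
    Stream Download(string fileid); // UriTemplate path segments bind as strings
}

public class FileService : IFileService
{
    public Stream Download(string fileid)
    {
        WebOperationContext ctx = WebOperationContext.Current;
        // Header names are assumptions made for this example.
        string username = ctx.IncomingRequest.Headers["X-Username"];
        string password = ctx.IncomingRequest.Headers["X-Password"];
        // Missing or wrong credentials: answer 401 before touching any file.
        if (username == null || password == null || !IsValidUser(username, password))
            throw new WebFaultException(HttpStatusCode.Unauthorized);
        int id;
        if (!int.TryParse(fileid, out id))
            throw new WebFaultException(HttpStatusCode.BadRequest);
        // Constructed payload standing in for the stored file.
        return new MemoryStream(Encoding.UTF8.GetBytes("constructed contents of file " + id));
    }

    // Constructed account; stands in for the server's real user store.
    private static bool IsValidUser(string username, string password) =>
        username == "demo-user" && password == "demo-password";
}

public static class Program
{
    public static void Main()
    {
        // WebServiceHost adds a default WebHttpBinding endpoint at the base address.
        using (var host = new WebServiceHost(typeof(FileService), new Uri("http://localhost:8080/")))
        {
            host.Open();
            Console.ReadLine(); // serve until Enter is pressed
        }
    }
}
```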
