Silverlight and ASP.NET AuthenticationService with self-hosted WCF Service?

I have an internal LOB Silverlight client that uses business logic in a self-hosted WCF service (cro开发者_JS百科ss domain).

I'm thinking of using ASP.NET AuthenticationServices. How would I set this up with my self-hosted WCF service?

• Call ASP.NET AuthenticationService from Silverlight to authenticate user? But this would not protect my self-hosted service...

• Send username/password in every request from Silverlight and in my self-hosted service call ASP.NET Authentication Services? (Feels a bit backwards?)

• Call ASP.NET AuthenticationService from Silverlight to authenticate user, send username/password in every request from Silverlight to allow logging etc, and use some other means to protect my service?

Is there some way to glue this together or is ASP.NET AuthenticationService not meant to be used when having a self-hosted WCF service?

All of the research I've done on the WCF Authentication Service indicates it's usage is for same-domain (RIA-like) applications. It sets the HttpContext.Current.User and creates a user session, so you can restrict your other WCF endpoint in some subfolder of the hosting website and control access via the web.config file. In this scenario, you can use the log the HttpContext user. If you plan to do things cross-domain, I think you'll find you need to use a combination of Transport (HTTPS) and Message security in the WCF binding configuration. This basically means your 2nd bullet point is true and you'll need to set the Username/Pw on the service client credentials (using Windows Auth or forms auth) and all WCF to send them across the wire with each message...