I have a Windows Forms application that interacts with a WCF service published on IIS. I want the WCF service to use the existing Userprofiles in Commerce Server to authenticate users. The windows app will be installed on client machines possibly across different countries. I would like to know the best way to authenticate and authorize calls to the service. One option I have is to pass user credentials with every service request. I would like to know if there are any other robust techniques for this scenario. Any help would be appreciated.
Thanks.