http://msdn.microsoft.com/en-us/library/bb386582.aspx
The Windows Communication Foundation (WCF) authentication service enables you to use ASP.NET membership to authenticate users from any application that can send and consume a SOAP message. This can include applications that do not use the .NET Framework. Users of these different applications therefore do not need separate credentials for each application. Users can provide the same credentials when they use any one of the client applications, and be logged in to the application from all of them.
To use the service, you pass the user's credentials to the authentication service, which validates the credentials by using ASP.NET membership. By default, the authentication service validates the user name and password by passing them to the default membership provider.
When the user has been authenticated, the ASP.NET authentication service issues an authentication ticket as an HTTP cookie that is compatible with ASP.NET forms authentication. In subsequent requests, the ticket is passed to the Web application so that the user does not have to provide credentials every time.
The authentication service does not support embedding the authentication ticket in the URL. Therefore, cookies must be enabled in the client to retain the authentication ticket.