WCF can be the right technology for developing rich client connected applications, that interacts with a server. It can be through web services or just plain and binary protocols, but the most common scenarios will require the client authenticates to the server before can start using it.
If integrated authentication is possible, that would be the recommended approach. When this is not the case, there are some other authentication methods that comes right out of the box with WCF. The simplest would be just username & password credentials.
In order to avoid having to provide the credentials to WCF every time you create a proxy, I wrote this custom ClientCredentials implementation that automatically ask the user for entering the username and password. This is done using the DPAPI standard and secure dialog, displayed with CredUIPromptForCredentials api.
The dialog is configured in the endpoints adding a custom behavior:

    <behavior name="MyBehavior">
      <smartClientCredentials caching="ByHostName" />
    <add name="smartClientCredentials" type="SmartClientPassword.SmartClientCredentialsElement, SmartClientPassword, Version=, Culture=neutral, PublicKeyToken=null" />

The caching argument specifies how the credential is reused across the calls, and avoids requesting the user the same credentials every time a new proxy is created. It can take the values Single to store a single username and password and use for every call, ByHostName to reuse the same credentials in all the calls made to the same server, ByEndpoint to store the credentials by endpoint, and None to not caching credentials at all. The default value if the argument is not specified is ByEndpoint.

Download the sample project: SmartClientPassword.zip