Hi Bradley,
Welcome to MSDN newsgroup.
Regarding performing web service security through Windows
authentication when using WSE in .NET: based on my understanding,
using NTLM is not possible, because NTLM is not a public protocol and
is only used internally by Microsoft's built-in products and services.
And WSE, as a web service message-level security component, can only
utilize public security protocols that have a complete specification and
existing platforms that have implemented them according to the
specification. For example, the Username token and the Kerberos token.
And here, if you want to perform Windows authentication (authenticate
the client-side user against the Windows security authority), we have the
following approaches:
1. Use a Username token. This will require the client app to manually gather
the clear-text username/password, construct a UsernameToken and add it
into the WSE SoapRequest's context. The server side's default
UsernameToken manager will then authenticate the token through the local
Windows security authority, or the DC if a domain account is provided.
2. For a Win2k or above domain environment, if the client side and server
side are configured correctly and meet the requirements for using Kerberos
authentication, then this is the most preferred approach.
You can refer to the sections and sample in the WSE 3.0 documentation about
using a Kerberos ticket to perform Windows authentication:
#Web Services Enhancements 3.0 Kerberos Ticket
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wse3.0/html/041b5518-1ee3-4fda-a9fb-7bb61c6c2d34.asp
Hope this helps. Thanks,
Steven Cheng
Microsoft Online Support

Signature
Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
--------------------
From: Bradley Plett <plettb@newsgroup.nospam>
Subject: NTLM Authentication and WSE Security
Date: Sat, 03 Dec 2005 02:30:06 -0700
Newsgroups: microsoft.public.dotnet.framework.webservices.enhancements
I'm a complete newbie at security in WSE, so I don't know if this is
simple or impossible. I have written a Windows Service that uses WSE
to expose a web service. I have written a Windows Forms client
application to consume the web service. Those parts were trivial and
are working well.
Now I would like to have the client authenticate to the server using
NTLM. Both pieces (client and server) are running in a Windows domain
environment. If the service were being hosted by IIS, I would know
how to add NTLM authentication, but it's not. Also, I know that IE
can support NTLM authentication transparently, but again my client is
not IE.
Whereas it might be nice to have a login popup if the user is not
already authenticated against the domain, that is not necessary at
this point (a simple failure is sufficient). The basic solution I'm
after simply passes the domain authentication from the client to the
server.
After the server receives the client information, I will also need to
check group membership of the user in question, but I expect that to
be fairly straightforward once the credentials are passed.
Any help, especially a fairly simple example, would be MUCH
appreciated. I need to understand both the server piece and the
client piece, but am having a little trouble knowing where to start.
TIA!
Brad.
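
The two approaches listed in the reply, plus the group check asked about in the question, as an added WSE 3.0 sketch that is not code from either poster or from Microsoft's samples. Assumptions: `OrdersServiceWse` is a hypothetical WSE-generated proxy deriving from `WebServicesClientProtocol`, the policy names are hypothetical and must match policies defined in the application's WSE policy file, and the service method runs where `RequestSoapContext.Current` is available.

```csharp
using System;
using System.Security.Principal;
using Microsoft.Web.Services3;
using Microsoft.Web.Services3.Security.Tokens;

public static class ClientSide
{
    // Approach 1: UsernameToken carrying the clear-text password, as the
    // reply describes. Because the password travels in the message, the
    // policy or the transport has to encrypt it.
    public static void UseUsernameToken(OrdersServiceWse proxy, string user, string password)
    {
        UsernameToken token =
            new UsernameToken(user, password, PasswordOption.SendPlainText);
        proxy.SetClientCredential(token);
        proxy.SetPolicy("usernamePolicy");   // hypothetical policy name
    }

    // Approach 2: Kerberos ticket for the logged-on domain user. No password
    // is collected; the ticket is requested for the service's principal name.
    public static void UseKerberosToken(OrdersServiceWse proxy, string serverHost)
    {
        KerberosToken token = new KerberosToken("host/" + serverHost);
        proxy.SetClientCredential(token);
        proxy.SetPolicy("kerberosPolicy");   // hypothetical policy name
    }
}

public static class ServiceSide
{
    // Call at the top of a service method: reject the request unless the
    // authenticated caller belongs to the given Windows group,
    // for example @"CONTOSO\OrderClerks" (constructed sample value).
    public static void DemandGroup(string windowsGroup)
    {
        KerberosToken token = RequestSoapContext.Current
            .Credentials.UltimateReceiver.GetClientToken<KerberosToken>();
        IPrincipal caller = (token != null) ? token.Principal : null;
        if (caller == null || !caller.IsInRole(windowsGroup))
        {
            throw new UnauthorizedAccessException(
                "Caller is not a member of " + windowsGroup);
        }
    }
}
```

For the UsernameToken approach, request `GetClientToken<UsernameToken>()` in `DemandGroup` instead; the `Principal` check is the same.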