The ways I can think of are:

  • Use Windows Identity Foundation (WIF). I have never done this, so it is a black box and risky.
  • Use Forms Authentication or similar, then use database replication to make sure each application has access to the data store.

No doubt there are other options.

More info: This is for an internet solution, not intranet/LAN

+1  A: 

I have had good success using DotNetOpenAuth. StackOverflow uses it. http://dotnetopenauth.net

Jared
Does this work with Web services? I forgot to mention I need to be able to authenticate against WCF web services too
Schneider
A: 

This HowTo should give you an idea of how to perform user authentication against an instance of AD, in case you have a domain behind your authentication.

WCF is simply a way to communicate across communication networks, so you might as well be able to authenticate against AD through WCF.

I do hope this helps!

Will Marcouiller
A: 

ASP.NET Membership Services is a good option. It allows you to back it with a database, Active Directory or your own custom authentication.

http://msdn.microsoft.com/en-us/library/yh26yfzy(VS.85).aspx

It's not limited to just websites, but can be used from Silverlight and WPF when exposed via web services.

Also look at OpenID/OpenAuth and even Facebook Connect for using a single login for authenticating against multiple websites/applications.

GiddyUpHorsey
But the backing store must be shared?
Schneider
I don't understand your question. Which backing store?
GiddyUpHorsey
+1  A: 

I've been using Windows Identity Foundation. Sure, the documentation is poor.

What seems really great though, is the "claims-based authentication". It basically allows the logon system to grant "claims", which are basically strings of information that describe the user. The claims are signed with a private key so the relying .net application can recognize that the claims are authentic.

Furthermore, you can use any underlying store of information about your users (SQL, AD) and the method of storing information about authorized users is entirely abstracted from your application. You could switch from SQL to AD one day and if the setup is correct, the relying .net application would receive the exact same claims and never know the difference.

Rice Flour Cookies
For more information about WIF, I've added many questions and answers to StackOverflow.
Rice Flour Cookies
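
An added example, not part of the original answers and not WIF's own API: a minimal C# sketch of the signed-claims idea described in the answer above. The issuer signs a claim set with its private key and the relying application verifies it with the public key only. The class name, the length-prefixed encoding and the sample claims are assumptions made for illustration; real WIF tokens are typically SAML assertions carrying an XML signature.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class ClaimsDemo // hypothetical name, illustration only
{
    // Unambiguous byte form: claims sorted by type, each part length-prefixed,
    // so issuer and relying party always sign and verify identical bytes.
    static byte[] Canonical(IDictionary<string, string> claims) =>
        Encoding.UTF8.GetBytes(string.Concat(
            claims.OrderBy(c => c.Key, StringComparer.Ordinal)
                  .Select(c => c.Key.Length + ":" + c.Key + c.Value.Length + ":" + c.Value)));

    // Issuer (logon system): the only party holding the private key.
    static byte[] Issue(RSA issuerKey, IDictionary<string, string> claims) =>
        issuerKey.SignData(Canonical(claims), HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

    // Relying application: holds the issuer's public key, never sees the user store.
    static bool Verify(RSA issuerPublic, IDictionary<string, string> claims, byte[] signature) =>
        issuerPublic.VerifyData(Canonical(claims), signature,
                                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

    static void Main()
    {
        using RSA issuerKey = RSA.Create(2048);
        using RSA relyingParty = RSA.Create();
        relyingParty.ImportParameters(issuerKey.ExportParameters(false)); // public half only

        // Constructed sample claims; the store they were read from (SQL, AD) is not visible here.
        var issued = new Dictionary<string, string> { ["name"] = "alice", ["role"] = "editor" };
        byte[] signature = Issue(issuerKey, issued);

        // The same claims produced from a different backing store verify identically.
        var sameClaimsOtherStore = new Dictionary<string, string> { ["role"] = "editor", ["name"] = "alice" };
        // A claim altered after issuance must be rejected.
        var tampered = new Dictionary<string, string>(issued) { ["role"] = "admin" };

        Console.WriteLine("issued claims accepted:      " + Verify(relyingParty, issued, signature));
        Console.WriteLine("same claims, other store:    " + Verify(relyingParty, sameClaimsOtherStore, signature));
        Console.WriteLine("tampered role claim accepted: " + Verify(relyingParty, tampered, signature));
    }
}
```

A relying application should also check which issuer it trusts, the intended audience and the validity period of a token; this sketch covers the signature check only.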
+1  A: 

If you are interested in a claims-based approach (which will open all kinds of interesting opportunities like federation, etc.), take a look at the "claims identity guide": http://msdn.microsoft.com/en-us/library/ff423674.aspx

Eugenio

Eugenio Pace