I have client apps that talk to my silverlight application and its web services. So the client app is running on the client machine and making calls directly to the silverlight app running on the machine and also making web service calls.
I want the usernames/password security to be handled by the 3rd party client app.
Any idea how I can do this?
I'd try the Application Scenario's, Guidelines and How Tos sections of this CodePlex Link. You should be able to find a scenario that matches closely to yours and follow the guidelines and configuration to get yourself going.
If I've understood this correctly, the client application would pass a username/password to your silverlight app which would require a wsHttpBinding that has clientCredentials="Username". You would need to be able to authenticate this against a user store configured on your server, for example you could configure a SQL Server provider.
I'm not sure how your 3rd party client app works, but you would require a seperate security configuration for that communication. You could use a less secure binding if the apps were on the same machine and possibly use clientCredentials="Windows"/"None"/"Basic".
Difficult to advise further without knowing your exact situation. What do you have so far?