I've been tasked with building a basic admin app. The app needs an ASP.NET front end which talks to a number of back end services using WCF.

One requirement is that the users of the app are authenticated using Windows authentication. I can do this no problem if the app logic were contained in the ASP.NET app, but I have no idea how to perform authentication within the back end WCF services.

  • Is it possible to pass credentials through to a WCF service and have it perform the authentication?
+3  A: 

It depends... (Note: most of this is based on HTTP/IIS as the transport; it could be different if using TCP or other bindings.)

WCF itself can be set up to use Transport or Message security using the current running credentials.

If the WCF service (and anything it needs to talk with using the current credential) is on the same box as the ASP.NET front end, you will probably be OK

...otherwise you could be heading for "Double Hop Authentication" trouble. Basically Windows auth will get an "impersonation" identity on the web server, which is fine locally, but it does not have permission to authenticate off of the web server. To do that you need a "delegation" identity.

The options that I am aware of for getting a delegation identity are Kerberos and Basic Authentication.

So if, when you say "Windows authentication", you really mean everyone (client and all servers) is on the same AD domain, you might be OK.

Rob McCready
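
An example of the two sides the answer describes, added here as an illustration and not code from the answer's author: the service runs under the caller's Windows token and returns the level of the token it actually received, and the ASP.NET front end calls it as the logged-on user while requesting a delegable token. `IAdminService`, `AdminService`, `AdminServiceClient` and `serviceUrl` are hypothetical names, and the example assumes .NET Framework WCF with a default `wsHttpBinding` endpoint on the service.

```csharp
using System.Security.Principal;
using System.ServiceModel;
using System.Web;

[ServiceContract]
public interface IAdminService                 // hypothetical contract
{
    [OperationContract]
    string WhoAmI();
}

public class AdminService : IAdminService      // hosted on the back-end server
{
    // Require a Windows caller and run the method body under the caller's token.
    [OperationBehavior(Impersonation = ImpersonationOption.Required)]
    public string WhoAmI()
    {
        WindowsIdentity caller = ServiceSecurityContext.Current.WindowsIdentity;
        // "Impersonation": the token is usable on this machine only.
        // "Delegation": the token may be used for a further network hop.
        return caller.Name + " (" + caller.ImpersonationLevel + ")";
    }
}

public static class AdminServiceClient         // runs inside the ASP.NET front end
{
    public static string CallAsLoggedOnUser(string serviceUrl)
    {
        // Default WSHttpBinding: message security with Windows credentials.
        var factory = new ChannelFactory<IAdminService>(
            new WSHttpBinding(), new EndpointAddress(serviceUrl));
        // Request a delegable token. This only takes effect with Kerberos and
        // when the domain permits the web server's account to delegate.
        factory.Credentials.Windows.AllowedImpersonationLevel =
            TokenImpersonationLevel.Delegation;

        // Assumes IIS/ASP.NET Windows authentication is enabled for the site.
        var user = (WindowsIdentity)HttpContext.Current.User.Identity;
        using (user.Impersonate())             // outbound call is made as the browser user
        {
            try
            {
                string result = factory.CreateChannel().WhoAmI();
                factory.Close();               // also closes the channel it created
                return result;
            }
            catch { factory.Abort(); throw; }  // never Close() a faulted channel
        }
    }
}
```

If the returned string shows `Impersonation` when the service sits on a different machine from the web server, any further hop the service makes with that identity will run into the double-hop problem described in the answer.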