In WCF there are 2 types of Security.1. Transport Security : Transport level security happens at the channel level. Transport level security is the easiest to implement as it happens at the communication level. WCF uses transport protocols like TCP, HTTP, MSMQ etc and every of these protocols have their own security mechanisms. One of the common implementation of transport level security is HTTPS. HTTPS is implemented over HTTP protocols with SSL providing the security mechanism. No coding change is required it's more of using the existing security mechanism provided by the protocol.2. Message Security : Message level security is implemented with message data itself. Due to this it is independent of the protocol. Some of the common ways of implementing message level security is by encrypting data using some standard encryption algorithm.
We can use security modes like Message, Transport, TransportMessageWithCredentials.Windows = windows identity Transport & TransportMessageWithCrednetials = Certificate security.
In WCF, There are two type of security available please check in details on :http://www.csharpmagic.com/IQuestionAns/difference-between-message-and-transport-level-security-in-wcf-33.aspx
Please see URL http://www.codeproject.com/Articles/36732/WCF-FAQ-Part-security-related-FAQ
http://www.tutorialspoint.com/wcf/wcf_security.htm