<configuration>
  <connectionStrings>
    <remove name="LocalSqlServer"/>
    <add name="LocalSqlServer"
         connectionString="Data Source=msapps-qa;Initial Catalog=aspnetdb;UID=blah; Password=blah"  providerName="System.Data.SqlClient" />
    <add name="blah"
         connectionString="data source=.;Integrated Security=false;UID=blah;Password=blah;Initial Catalog=library;" providerName="System.Data.SqlClient"/>
  </connectionStrings>
  <system.web>
    <compilation debug="true" />
    <customErrors mode="Off" />
    <membership defaultProvider="SqlMembershipProvider" userIsOnlineTimeWindow="15">
      <providers>
        <clear />
        <add
          name="SqlMembershipProvider"
          type="System.Web.Security.SqlMembershipProvider"
          connectionStringName="LocalSqlServer"
          applicationName="/"
          enablePasswordRetrieval="false"
          enablePasswordReset="false"
          requiresQuestionAndAnswer="false"
          requiresUniqueEmail="true"
          passwordFormat="Hashed" />
      </providers>
    </membership>

    <!-- Configure the Sql Role Provider -->
    <roleManager enabled="true" defaultProvider="SqlRoleProvider">
      <providers>
        <add connectionStringName="LocalSqlServer" applicationName="/" name="SqlRoleProvider"
          type="System.Web.Security.SqlRoleProvider" />
      </providers>
    </roleManager>

    <authentication mode="Forms"></authentication>
  </system.web>
  
  <system.serviceModel>

    <protocolMapping>
      <add scheme="http" binding="wsHttpBinding" />
    </protocolMapping>

    <behaviors>
      <serviceBehaviors>
        <behavior name="ServiceBehavior">
          <serviceAuthorization principalPermissionMode="UseAspNetRoles"
                             roleProviderName="SqlRoleProvider" />
          <serviceCredentials>
            <!-- Configure user name authentication to use the Membership Provider -->
            <userNameAuthentication userNamePasswordValidationMode="MembershipProvider"
                                    membershipProviderName="SqlMembershipProvider" />

            <!-- Configure the service certificate -->
            <serviceCertificate

              storeLocation="LocalMachine"
                                storeName="My"
                                x509FindType="FindBySubjectName"
                                findValue="WMSvc-MSAPPS-QA"  /> <!--Enter your Server Certificate Name in here-->
          </serviceCredentials>
          <serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" />
          <serviceDebug includeExceptionDetailInFaults="true" />
        </behavior>
      </serviceBehaviors>
    </behaviors>

    <serviceHostingEnvironment multipleSiteBindingsEnabled="True">
    </serviceHostingEnvironment>
    <services>
      <service name="WCFLibraryService.LibraryService" behaviorConfiguration="ServiceBehavior">
        <endpoint address=""
                  binding="wsHttpBinding"
                  bindingConfiguration="MembershipBinding"
                  contract="WCFLibraryService.ILibraryService"
                  name="ASPmemberUserName"/>
        <endpoint address="mex"
                  binding="mexHttpsBinding"
                  contract="IMetadataExchange"
                  bindingConfiguration="">
        </endpoint>
      </service>
    </services>

    <bindings>
      <wsHttpBinding>
        <binding name="MembershipBinding" maxReceivedMessageSize="20000000" maxBufferPoolSize="20000000">
          <security mode="TransportWithMessageCredential">
            <transport clientCredentialType="None" proxyCredentialType="None"></transport>
            <message clientCredentialType="UserName" negotiateServiceCredential="true"/>
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    
  </system.serviceModel>
  <system.webServer>
    <directoryBrowse enabled="true" />
  </system.webServer>

</configuration>

this thing is a pain to configure

WCF Configuration using TransportWithMessageLevel Credential and Forms Authentication

forms, c#

C#