I have written a very simple WCF service (hosted in IIS) and web application that talks to it. If they are both in the same domain, it works fine. But when I put them in different domains (on different sides of a firewall), then the web applications says:

The request for security token could not be satisfied because authentication failed. Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. Exception Details: System.ServiceModel.FaultException: The request for security token could not be satisfied because authentication failed. Source Error: An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

The revelant part of the service web.config is:

<system.serviceModel>
<services>
  <service behaviorConfiguration="MigrationHelperBehavior"
    name="MigrationHelper">
    <endpoint address="" binding="wsHttpBinding" contract="IMigrationHelper">
      <identity>
        <dns value="localhost" />
      </identity>
    </endpoint>
    <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />    	<endpoint  binding="httpBinding" contract="IMigrationHelper" /> 	  </service>
</services>
<behaviors>
  <serviceBehaviors>
    <behavior name="MigrationHelperBehavior">
      <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
      <serviceMetadata httpGetEnabled="true"/>
      <!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
      <serviceDebug includeExceptionDetailInFaults="false"/>
    </behavior>
  </serviceBehaviors>
</behaviors>
</system.serviceModel>

The web appliation (client) web.config says:

<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="WSHttpBinding_IMigrationHelper" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false">
	<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384"/>
	<reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false"/>
	<security mode="Message">
		<transport clientCredentialType="Windows" proxyCredentialType="None" realm=""/>
		<message clientCredentialType="Windows" negotiateServiceCredential="true" algorithmSuite="Default" establishSecurityContext="true"/>
	</security>
</binding>
</wsHttpBinding>
</bindings>
<client>
<endpoint address="http://mydomain.com/MigrationHelper.svc" binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IMigrationHelper" contract="MyNewServiceReference.IMigrationHelper" name="WSHttpBinding_IMigrationHelper">
<identity>
	<dns value="localhost"/>
</identity>
</endpoint>
</client>
</system.serviceModel>

I believe both these are just the default that VS 2008 created for me.

So my question is, how does one go about configurating the service and client, when they are not in the same domain?

Thanks .Jim Biddison