.Net Framework built a robust framework for building distributed application by providing different security means to protect your WCF Service.
you can protect your WCF Service by 3 different ways which is most requested for all different kind of applications :
1) Windows Role Token group based on Active Directory Group.
2) SQL Role Provider: user roles stroed in a DB.
3) Authorization Role Provider : using MS Authorization manager tool.
** This tool let you store the roles in the AD or XML file.