a tricky one that needs depth, but roughly you would have a user table with hashed passwords.
A wcf service to authenticate passing a password hash over SSL along with a username. Then return a true or FALSE and whatever other info you needed.
The hash is important if you want to be secure. Don't do MD5. I thing a SHA one would cover it and preferably with a salt too.