At the last ONETUG meeting a question came up how to force WCF to use Windows Auth (i.e. Kerberos). By default WCF is in negotiate mode. While this is good for many cases where you cannot ensure that Kerberos will be available if you are in an intranet environment where you know it will be you can speed up your service by skipping the negotiation phase. Matevz Gacnik has a good sample in his blog (http://www.request-response.com/blog/PermaLink,guid,4b5f46cd-3c15-4213-9570-1a235c4a615e.aspx) using certificates, the only change is to set the clientCredentialType to “Windows”.
<bindings>
<wsHttpBinding>
<binding name="MySecureBinding">
<security mode ="Message">
<message clientCredentialType="Windows" negotiateServiceCredential="false"/>
</security>
</binding>
</wsHttpBinding>
</bindings>