I have an ASP.Net site using Forms authentication. One of the aspx pages loads a WinForms user control hosted in IE. That control must connect with a WCF service located in the same ASP.Net web site.

How can I make the WCF service secure? Currently I have set the WCF service to use AspNetCompatibilityRequirements mode but the user control hosted in IE can't connect to the WCF service as it isn't logged in.

Basically I need to extract the user credentials from the aspx page and set them on the user control so that it can log in to the WCF service.

Is this possible? Or is there a better way?

I think this answer probably has everything you need: Passing FormsAuthentication cookie to a WCF service. You just need to pass the authentication cookie to your control when you instantiate it.

As to there being a better way, I personally wouldn't host a WinForms control inside IE. If I were shooting for what was easiest I'd go with Silverlight. If that isn't possible I would make the web service non-soap and use JQuery.