You are creating an ASP.NET web application that hosts several Windows Communication Foundation (WCF) services.
The services have ASP.NET Compatibility Mode enabled. Users authenticate with the Web application by using a cookie-based ASP.NET Forms Authentication model.
You add a service file named Authentication.svc that contains the following code segment:

<%@ ServiceHost Service=”System.Web.ApplicationServices.AuthenticationService”
Factory=”System.Web.ApplicationServices.ApplicationServicesHostFactory” %>

You need to ensure that users can access the WCF services without having to re-authenticate.
Which two configuration settings should you add? (Each is part of a complete solution. Choose two.)

A.
In the system web. Extensions scripting/webServices/authenticationService element, set the enabled attribute to true.

B.
In the system web. Extensions scripting/webServices/profileService element, set the enabled attribute to true.

C.
Add a service endpoint with basicHttpBinding for the contract System.Web.ApplicationServices.AuthenticationService.

D.
Add a custom service behavior named AuthenticationService Type Behaviors with a service AuthenticationManager element
that has service AuthenticationManagerType set to System.Web.Security.SQL Membership Provider

Explanation:
AuthenticationService Class Enables access to ASP.NET forms authentication as a Web service.

The AuthenticationService object enables you to authenticate users through a Windows Communication Foundation (WCF) service.
You use the WCF authentication service when you must authenticate users through ASP.NET membership from an application
that is outside the Web application that stores the user credentials.
The application must be able to send and consume message in the SOAP format. Through the AuthenticationService class, you can log users in,
log users out, validate credentials, check authentication status, customize authentication, and set the authentication cookie.

The AuthenticationService class contains four methods that you should access only through a WCF service: the IsLoggedIn,
Login, Logout, and ValidateUser methods. To call these methods, you enable the authentication service on a Web server
and then connect a WCF-compatible client application to the Web service.
For information about how to configure the authentication service, see How to: Enable the WCF Authentication Service.

To log users on, you pass the user credentials to the Login method. If the credentials are valid,
the AuthenticationService class creates an authentication cookie.
If the authentication cookie has not expired, you know that the user’s credentials have been authenticated and you do not have to validate the credentials again.
(Cookie-less authentication is not available through the AuthenticationService class.)

The AuthenticationService can raise two events: Authenticating and CreatingCookie.
The Authenticating event occurs when the user credentials are being validated.
Create an event handler for the Authenticating event to customize how user credentials are validated.
The CreatingCookie event occurs when the authentication cookie is being set after user credentials have been validated.
Create an event handler for the CreatingCookie event to customize the authentication cookie.

The ValidateUser method checks user credentials for authentication, but it does not return an authentication ticket.
Use ValidateUser when a user has previously logged in and you must check that the credentials are still valid at the start of a new application session.

<system.web.extensions>
<scripting>
<webServices>
<authenticationService enabled=”true” requireSSL = “true”/>
</webServices>
</scripting>
</system.web.extensions>
<system.serviceModel>
<services>
<service name=”System.Web.ApplicationServices.AuthenticationService”
behaviorConfiguration=”AuthenticationServiceTypeBehaviors”>
<endpoint contract=”System.Web.ApplicationServices.AuthenticationService”
binding=”basicHttpBinding” bindingConfiguration=”userHttps”
bindingNamespace=”http://asp.net/ApplicationServices/v200″/>
</service>
</services>
<bindings>
<basicHttpBinding>
<binding name=”userHttps”>
<security mode=”Transport” />
</binding>
</basicHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name=”AuthenticationServiceTypeBehaviors”>
<serviceMetadata httpGetEnabled=”true”/>
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment aspNetCompatibilityEnabled=”true”/>
</system.serviceModel>

Services running in ASP.NET Compatibility mode participate fully in the ASP.NET application pipeline and can make use
of ASP.NET features such as file/URL authorization, session state, and the HttpContext class.
The HttpContext class allows access to cookies, sessions, and other ASP.NET features.
This mode requires that the bindings use the HTTP transport and the service itself must be hosted in IIS.

ASP.NET Compatibility
(http://msdn.microsoft.com/en-us/library/ms752234.aspx)