I've looked at the security guide at wcfsecurity.codeplex.com. The guide is fairly straightforward. However, I cannot find anything relating to a WCF service hosted in a Windows Service.
Without the support of IIS, ASP.net runtime and all its role, profile, etc providers, is it possible to still apply security to the WCF service??
Its absolutely possible to host in a windows service and secure the WCF service. For username authentication you can still use the RoleProvider model if that's what you want to do or you can write a custom userName validator
The WCF model is that all WCF features should be available independently of the hosting environment. The only time this changes if you opt into ASP.NET compatibility mode
Edit: added wiring in customer role provider config
To configure user names with a role provider use the following config
<serviceBehaviors>
<behavior>
<serviceCredentials>
<userNameAuthentication membershipProviderName="myCustomRoleProvider"/>
</serviceCredentials>
</behavior>
</serviceBehaviors>