IIS or WAS hosted services do have BASIC authentication
working in BasicHttpBinding mode. You need switching to SSL (Transport security
mode) and rely on services provided by host. I implemented that and it works
perfectly. Here is client-side configuration:
<transport clientCredentialType="Basic" proxyCredentialType="None"
MSDN provides nice HowTo. Look at http://msdn.microsoft.com/en-us/library/ff649647.aspx