Having just gone through this, I thought I'd share the basic procedure when calling WSS 3.0 Web services such as lists.asmx and views.asmx from a WCF client. As you may know, the exceptions returned by the WSS Web services are terse. Hopefully, this post will help someone trying to avoid those in their own project.
Step 1 - Add a Service Reference to the WCF service you want to call (Duh)
Note that I included the "?wsdl". If you don't VS will be redirected to /_vti_bin/Lists.asmx. That doesn't matter from a service client code generation standpoint, just that the WCF endpoint addresses in App.config will need to be changed as they'll be pointing to the wrong URL, and none of the lists and other objects in your site will be found by the Web services.
.JPG)
Step 2 - Modify the App.Config file to change the security binding configuration used by the client
In the basicHttpBinding section, replace:
<security mode="None">
<transport clientCredentialType="None"
proxyCredentialType="None" realm="" />
<message clientCredentialType="UserName" algorithmSuite="Default" />
</security>
With:
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Ntlm" />
</security>
Step 3 - Allow the Web service to impersonate the user
WssList.ListsSoapClient listService = new WssList.ListsSoapClient("ListsSoap");
listService.ClientCredentials.Windows.AllowedImpersonationLevel
= System.Security.Principal.TokenImpersonationLevel.Delegation;
XmlElement elem = listService.GetListCollection();
End transmission...