Lets say you are already logged into the website using Forms authentication. I would like to have an "island" of Silverlight content in an ASPX page. Since the user is already logged in and has a valid session, I would like to reuse those credentials in the "Island" of silverlight/devforce content. (All point at the same site, no cross site ect..)
If you run your WCF services in ASP.NET compatability mode, you can support this senario I believe. The cookies are shared and the ASP.NET stack will have already taken care of the ID validation.
Then, instead of passing the actual login and password, you could validate using the Current Identity of the user. Server side would be more of a Role check instead of a creds check...
The Out of browser abilities would add some complexity for sure. (I need to think more about that)
Does DevForce's WCF services support ASP.NET compatability mode?
There are some videos on the Silverlight.NET site by Tim H. They were actually showing how to share creds from an ASPX Forms authenticated page and an ADO>NET data services.