Access SharePoint 2010 List remotely from a WPF Client using Lists Web Service

from my understanding if im right CredentialCache.DefaultCredentials means that your using the network credentials.

as an example:

I sign on to my pc with a domain/username and that is the same as on sharepoint as its connected via active directory.

when you use CredentialCache.DefaultCredentials it using that exact credentials you used to login to the local machine! if those credentials (domain name) on the local machine have access to sharepoint than it will use it :)

with CredentialCache.DefaultCredentials its only a get method and you cannot see the values but mearly use them only!

security wise? its secure aslong as you dont give anyone your logon details ;), as long as your the person logging onto the computer than it would use those credentials and youll be fine ;) !

The DefaultCredentials property applies only to NTLM, negotiate, and Kerberos-based authentication.

DefaultCredentials represents the system credentials for the current security context in which the application is running. For a client-side application, these are usually the Windows credentials (user name, password, and domain) of the user running the application. For ASP.NET applications, the default credentials are the user credentials of the logged-in user, or the user being impersonated.

http://msdn.microsoft.com/en-us/library/system.net.credentialcache.defaultcredentials.aspx

as noted in my answer you need to also digg into authentication types!

Kerberos is a secure protocol that supports an authentication method that uses tickets provided by a trusted source. Kerberos tickets represent the network credentials of a user who is associated with a client computer. The Kerberos protocol defines the way in which users interact with a network authentication service to gain access to network resources. The Kerberos KDC issues a ticket to a client computer on behalf of a user. After a client computer establishes a network connection to a server, the client computer requests network access by presenting the Kerberos authentication ticket to the server. If the request contains acceptable user credentials, the KDC grants the request. For service applications, the authentication ticket must also contain an acceptable Service Principal Name (SPN). To enable Kerberos authentication, the client and server computers must already have a trusted connection to the KDC. The client and server computers must also be able to access Active Directory Domain Services (AD DS).

http://technet.microsoft.com/en-us/library/ff607695(v=office.14).aspx

above link is on kerberos and network authentication!

You can set "CookieContainer" Property

            Lists lists = new Lists();
            if (base.session.AuthenticationScheme == WebSession.AutenticationMode.Windows)
            {
                lists.Credentials = this.Credentials;
            }
            lists.Url = Utility.CombineWebPath(listUrl, "_vti_bin/Lists.asmx");
            lists.CookieContainer = this.session.Cookies;

Get "CookieContainer" like this:

    HttpWebRequest request = null;
    request = (HttpWebRequest)WebRequest.Create(uri.AbsoluteUri);
    request.Method = "GET";
    request.CookieContainer = base.session.Cookies;
    request.UserAgent = GenericSession.USER_AGENT;
    request.Headers.Add("X-FORMS_BASED_AUTH_ACCEPTED", "f");
    request.AllowAutoRedirect = false;
    request.Credentials = base.GetNetworkCredentials(username, password, domain);