This is a good starting point of a WCF REST WebService:

REST / SOAP endpoints for a WCF service

(BTW: Stackoverflow has nice REST kind of urls.)
You can test a REST service with just a web browser (Go to the url and get the XML or JSON). Fiddler is also good tool, and FireBug-plugin for FireFox. I usually make a thin service-interface project and a separate (unit-tested) logics-project.

For authentication I would first generate a Guid and a timestamp. Then based on those a hash (.NET supports SHA256 and SHA512). The Guid can be stored to server (database table) to map it some concrete numerical id. Then you can have a rest url like:

/myobject/1?timestamp=20100802201000&hash=4DR7HGJPRE54Y 

and just disable the hash & timestamp check in development environment (e.g. with AOP). With timestamp I would check that the stamp is between 15 minutes back and forward in time (=should be enough to prevent attacks).

Will your service be visible to the public/internet and is your client a jQuery or Silverlight -client? Then you still have a problem: You don’t want to include a secret key in the client software code.

So you need to generate hash in server and some kind of cookie to store the client session. (This can be done e.g. with a separate login-page/application in a folder with different config-file.) I remember that this book did have something on the topic:

If you want to enable the HttpContext when using WCF, you need to set <serviceHostingEnvironment aspNetCompatibilityEnabled="true"> under <system.serviceModel>.
Then you can check current user identity from HttpContext.Current.User.Identity.Name.

However, if you want to make a pure REST service then you don’t use cookies, but a HTTP Basic Authentication coupled with SSL/TLS for each call.

I think that it’s easy to make a client with just LINQ2Xml or jQuery so maybe client generation is not needed.

Or you can also have both, a SOAP and a REST interface, and use a service reference to make a client.