Using Windows authentication with WCF enables developers to support centralized access management for enterprise services. As default the framework uses the computer login credentials of the Windows user accessing the service.
This default behavior works for all the cases where the computer belongs to the same domain as the server, e.g. when using a company computer. But a when external users needs to access a service that uses Windows authentication, the client needs to send credentials the server can identify. For this you need to define the credentials prior to creating the channel.
new System.Net.NetworkCredential(name, password, domain);
Make sure not to mix the factory.Credentials.Windows.ClientCredential and factory.ClientCredential properties.
There is also a good resource about debugging Windows authentication errors at MSDN.