FYI, the service configuration for WCF REST and integrated security is as follows:
<system.serviceModel>
<behaviors>
<endpointBehaviors>
<behavior name="webBehavior">
<webHttp/>
<!--<enableWebScript/>-->
</behavior>
</endpointBehaviors>
</behaviors>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" />
<bindings>
<webHttpBinding>
<binding name="integratedWebHttpBinding">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows"/>
</security>
</binding>
</webHttpBinding>
</bindings>
<services>
<service name="AppNamespace.Service">
<endpoint address=""
behaviorConfiguration="webBehavior"
binding="webHttpBinding"
bindingConfiguration="integratedWebHttpBinding"
contract="AppNamespace.Service" />
</service>
</services>
</system.serviceModel>