IIS

How to pass Windows Credentials from client to WCF?

Good day ... Although for the third day my head has been spinning. So we have a WPF client and an IIS service.
Client configuration:

<system.serviceModel>
    <bindings>
      <basicHttpBinding>
        <binding name="TrackingHoursServiceBinding" maxReceivedMessageSize="2147483647" useDefaultWebProxy="False">
          <readerQuotas maxDepth="32" maxStringContentLength="20000" maxArrayLength="2147483647" 
            maxBytesPerRead="4096" maxNameTableCharCount="16384" />
          <security mode="TransportCredentialOnly">
            <transport clientCredentialType="Ntlm"/>
          </security>
        </binding>
        <binding name="BasicHttpBinding_ITFSService" />
      </basicHttpBinding>
    </bindings>
    <client>
      <endpoint address="http://______TrackingHoursService.svc" binding="basicHttpBinding" 
        bindingConfiguration="TrackingHoursServiceBinding" contract="ITrackingHoursService" 
         name="WSHttpBinding_ITrackingHoursService">
        <identity>
          <dns value="localhost" />
        </identity>
      </endpoint>
      <endpoint address="http://_____/TFSService.svc" binding="basicHttpBinding" 
        bindingConfiguration="BasicHttpBinding_ITFSService" contract="ITFSService" name="BasicHttpBinding_ITFSService" />
    </client>
  </system.serviceModel>

And service Web.config:

<system.serviceModel>
    <protocolMapping>
      <add scheme="https" binding="basicHttpBinding" bindingConfiguration="TrackingHoursServiceBinding"/>
    </protocolMapping>
    <serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
    <client />
    <bindings>
      <basicHttpBinding>
        <binding name="TrackingHoursServiceBinding" maxReceivedMessageSize="620000">
          <security mode="TransportCredentialOnly">
            <transport clientCredentialType="Ntlm" />
          </security>
        </binding>
        <binding name="BasicHttpBinding_IPortableService" maxBufferSize="2147483647" maxReceivedMessageSize="2147483647" receiveTimeout="00:10:00" sendTimeout="00:10:00" />
      </basicHttpBinding>
    </bindings>
    <services>
      <service behaviorConfiguration="_.TrackingHoursServiceBehavior" name="_.Service.TrackingHoursService">
        <endpoint address="" binding="basicHttpBinding" bindingConfiguration="TrackingHoursServiceBinding" contract="_.Service.ITrackingHoursService">
          <identity>
            <dns value="localhost" />
          </identity>
        </endpoint>
        <endpoint address="pcl" binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_IPortableService" contract="_.Service.ITrackingHoursService" />
      </service>
    </services>
    <behaviors>
      <serviceBehaviors>
        <behavior name="_.TrackingHoursServiceBehavior">
          <serviceMetadata httpGetEnabled="true" />
          <serviceDebug includeExceptionDetailInFaults="true" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <extensions>
      <!-- In this extension section we are introducing all known service bus extensions. User can remove the ones they don't need. -->
      <behaviorExtensions>
        <add name="connectionStatusBehavior" type="Microsoft.ServiceBus.Configuration.ConnectionStatusElement, Microsoft.ServiceBus, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
        <add name="transportClientEndpointBehavior" type="Microsoft.ServiceBus.Configuration.TransportClientEndpointBehaviorElement, Microsoft.ServiceBus, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
        <add name="serviceRegistrySettings" type="Microsoft.ServiceBus.Configuration.ServiceRegistrySettingsElement, Microsoft.ServiceBus, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
      </behaviorExtensions>
      <bindingElementExtensions>
        <add name="netMessagingTransport" type="Microsoft.ServiceBus.Messaging.Configuration.NetMessagingTransportExtensionElement, Microsoft.ServiceBus,  Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
        <add name="tcpRelayTransport" type="Microsoft.ServiceBus.Configuration.TcpRelayTransportElement, Microsoft.ServiceBus, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
        <add name="httpRelayTransport" type="Microsoft.ServiceBus.Configuration.HttpRelayTransportElement, Microsoft.ServiceBus, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
        <add name="httpsRelayTransport" type="Microsoft.ServiceBus.Configuration.HttpsRelayTransportElement, Microsoft.ServiceBus, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
        <add name="onewayRelayTransport" type="Microsoft.ServiceBus.Configuration.RelayedOnewayTransportElement, Microsoft.ServiceBus, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
      </bindingElementExtensions>
      <bindingExtensions>
        <add name="basicHttpRelayBinding" type="Microsoft.ServiceBus.Configuration.BasicHttpRelayBindingCollectionElement, Microsoft.ServiceBus, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
        <add name="webHttpRelayBinding" type="Microsoft.ServiceBus.Configuration.WebHttpRelayBindingCollectionElement, Microsoft.ServiceBus, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
        <add name="ws2007HttpRelayBinding" type="Microsoft.ServiceBus.Configuration.WS2007HttpRelayBindingCollectionElement, Microsoft.ServiceBus, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
        <add name="netTcpRelayBinding" type="Microsoft.ServiceBus.Configuration.NetTcpRelayBindingCollectionElement, Microsoft.ServiceBus, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
        <add name="netOnewayRelayBinding" type="Microsoft.ServiceBus.Configuration.NetOnewayRelayBindingCollectionElement, Microsoft.ServiceBus, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
        <add name="netEventRelayBinding" type="Microsoft.ServiceBus.Configuration.NetEventRelayBindingCollectionElement, Microsoft.ServiceBus, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
        <add name="netMessagingBinding" type="Microsoft.ServiceBus.Messaging.Configuration.NetMessagingBindingCollectionElement, Microsoft.ServiceBus, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
      </bindingExtensions>
    </extensions>
  </system.serviceModel>

On IIS the settings are as follows:







On the service side using

OperationContext.Current.ServiceSecurityContext.WindowsIdentity.Name

I can get the username of the user who is currently using WPF. But I need ICredentials .
If I try to take them from

System.Net.CredentialCache.DefaultCredentials
System.Net.CredentialCache.DefaultNetworkCredentials

it always returns something like Domain\pcName$
Tried to set them like this

tcs = new TrackingHoursServiceClient();
        tcs.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Impersonation;
        tcs.ClientCredentials.Windows.ClientCredential = System.Net.CredentialCache.DefaultNetworkCredentials;
        tcs.ChannelFactory.Credentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Impersonation;
        tcs.ChannelFactory.Credentials.Windows.ClientCredential = System.Net.CredentialCache.DefaultNetworkCredentials;

Nothing helps .... In short, I've been playing for 3 days already .... How can I transfer these damn credentials to the service and start using them there. I do not need a password or a username, but only a credential to create on his behalf (using his credential) a tfs client and, for example, create an Issue on behalf of the user. Who knows please help)