WebAgent on IIS does not intercept requests made on webservices resource ("*.svc"). It does intercept other kind of resources (same path).
For example this URI /toto is protected by SiteMinder with basic athentication scheme.
All URIs that starts by /toto are caught by SiteMinder and we are prompted for login and password Except this URI /toto/WSService.svc
We can not see the request in the Webagent traces
We can see the /toto/WSService.svc displayed correctly in the browser and in the IIS access log
We can see the following in the failed request tracing:
All modules were locked at the server level and the siteminder module was at the end at the application level.
Unlocked them and put the siteminder module at the top (first module).
If you need to protect a WebService for SOAP and REST request you may need to use SOA or WSS Agents.