Create a data transfer object (DTO) that has a data contract that has the same properties as the ApplicationUser class. You will have to do a transformation from your DTO to the ApplicationUser, and the other way. Use AutoMapper to do the transformation.
Personally I do not see any real benefit of putting security behind a WCF web service. A network hop and serialization/deserialization on every authorization is really going to dog your web application.
It is a good idea to separate it into a different layer, but that layer does not have be to be a web service. Take a look at SimpleSecurity. It provides a layer over ASP.NET Identity and demonstrates how to customize it for email confirmation and other enhanced functionality. Your authorization functionality is not a good item to distribute because it is hit for every request from the web client.