After a week I have found the solution. Adding the answer to help others who might face this problem in future :
Change the adapter of the service from Net.Tcp to HTTP
Change security details of service's binding by going to AX->Inbound Port->Configure.
Host the service in IIS, you have to host a service on IIS if you want to use it from other domains. This link explains the process http://technet.microsoft.com/en-us/library/gg731848.aspx
Enable only windows authentication on IIS.
Create a console application in visual studio on the same machine on which AX is installed. Add reference to the service. Your app.config should look like this :
<?xml version="1.0" encoding="utf-8" ?> <configuration> <system.serviceModel> <bindings> <basicHttpBinding> <binding name="BasicHttpBinding_Service1" allowCookies="true" maxBufferPoolSize="20000000" maxBufferSize="20000000" maxReceivedMessageSize="20000000"> <readerQuotas maxDepth="32" maxStringContentLength="200000000" maxArrayLength="200000000" /> <security mode="TransportCredentialOnly"> <transport clientCredentialType="Windows" /> </security> </binding> </basicHttpBinding> </bindings> <client> <endpoint address="http://******/MicrosoftDynamicsAXAif60/Test3/xppservice.svc" binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_Service1" contract="ServiceReference1.Service1" name="BasicHttpBinding_Service1" > </endpoint> </client> </system.serviceModel> </configuration>
Take the dll of this console application and paste it in your other machine (the one not on the same domain)
Create a console application and add reference to this dll. Use this dll to access the service.
Paste the same app.config contents.
Add these three lines in the .cs file
workListSvc.ClientCredentials.Windows.ClientCredential.Domain = "*****"; workListSvc.ClientCredentials.Windows.ClientCredential.UserName = "kevin"; workListSvc.ClientCredentials.Windows.ClientCredential.Password = "*****";
Should work now.