Home/ Questions/Q 5839495
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-22T11:35:32+00:00

I have a Customer Username/Password validator. Is it sufficient enough to have it in

  • 0

I have a Customer Username/Password validator. Is it sufficient enough to have it in the endpoints bindingConfiguration attribute in web.config or do I need to explicitly call it in the Service method. I noticed when I don’t call it a Service operation, it doesn’t get called. Am I doing something wrong?

This is how I have my bindings section defined:

<bindings>
  <wsHttpBinding>
    <binding name="CustomAuthentication">
      <security mode="Message">
        <message clientCredentialType="UserName"/>
      </security>
    </binding>
  </wsHttpBinding>
</bindings>

This is how I have my service node defined:

<service behaviorConfiguration="CustomValidator" name="Test.TestService">

My endpoint attribute has its BindingConfiguration = “CustomAuthentication”

This is how I have a behavior in my ServiceBehaviors defined:

<behavior name="CustomValidator">
      <serviceCredentials>
        <userNameAuthentication userNamePasswordValidationMode="Custom"
                                 customUserNamePasswordValidatorType="Test.CustomUserNameValidator, FuzionSync"/>

        <serviceCertificate findValue="MyWebSite" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName"/>

        </serviceCredentials>

      <serviceMetadata httpGetEnabled="True"/>

    </behavior>

When I run the wcf test client to invoke the service call, it doesn’t even call the Validate method. The only way I get it to call is if I put it in an operation to be called explicitly.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You need to specify this both in the binding configuration and in the service behavior. This is how it looks in one of our projects (the important parts are clientCredentialType="UserName" and the <serviceCredentials> element):

    <bindings>
  <wsHttpBinding>
    <binding name="SSLWithCustomAuthentication">
      <security mode="TransportWithMessageCredential">
        <transport clientCredentialType="None" proxyCredentialType="None" />
        <message clientCredentialType="UserName" 
                 negotiateServiceCredential="true"
                 algorithmSuite="Default" />
      </security>
    </binding>
  </wsHttpBinding>
</bindings>

<behaviors>
  <serviceBehaviors>
    <behavior name="customAuthenticationBehavior">
      <serviceCredentials>
        <userNameAuthentication 
          userNamePasswordValidationMode="Custom"
          customUserNamePasswordValidatorType="Namespace.YourValidator, AssemblyName"/>
      </serviceCredentials>
    </behavior>
  </serviceBehaviors>
</behaviors>

    and then have your service use behaviorConfiguration="customAuthenticationBehavior".

    Note that I don’t think WCF lets you use UserName authentication without SSL.

    • 0