1. Configure a binding that uses message security over any transport or transport-level security over HTTP(S).

   When using message security, add one of the system-provided bindings, such as a <wsHttpBinding>, or a <customBinding> that supports message security and the UserName credential type.

   When using transport-level security over HTTP(S), add either the <wsHttpBinding> or <basicHttpBinding>, a <netTcpBinding> or a <customBinding> that uses HTTP(S) and the Basic authentication scheme.

   Note
   When .NET Framework version 3.5 or later is used, you can use a custom username and password validator with message and transport security. With WinFX, a custom username and password validator can only be used with message security.

   Tip
   For more information on using <netTcpBinding> in this context, see <security> of <netTcpBinding>

   1. In the configuration file, under the <system.serviceModel> element, add a <bindings> element.

   2. Add a <wsHttpBinding> or <basicHttpBinding> element to the bindings section. For more information about creating an WCF binding element, see How to: Specify a Service Binding in Configuration.

   3. Set the mode attribute of the <security> of <wsHttpBinding> or <security> of <basicHttpBinding> to Message, Transport, or TransportWithMessageCredential.

   4. Set the clientCredentialType attribute of the <message> of <wsHttpBinding> or <transport> of <wsHttpBinding>.

如果第3步使用的是Security是Message，那么就设置MessageSecurity的MessageClientCredentialType为UserName

When using message security, set the clientCredentialType attribute of the <message> of <wsHttpBinding> to UserName.

When using transport-level security over HTTP(S), set the clientCredentialType attribute of the <transport> of <wsHttpBinding> or <transport> of <basicHttpBinding> to Basic.

Note
When a WCF service is hosted in Internet Information Services (IIS) using transport-level security and the UserNamePasswordValidationMode property is set to Custom, the custom authentication scheme uses a subset of Windows authentication. That is because in this scenario, IIS performs Windows authentication prior to WCF invoking the custom authenticator.

For more information about creating an WCF binding element, see How to: Specify a Service Binding in Configuration.

The following example shows the configuration code for the binding.

<system.serviceModel>

  <bindings>

  <wsHttpBinding>

      <binding name="Binding1">

        <security mode="Message">

          <message clientCredentialType="UserName" />

        </security>

      </binding>

    </wsHttpBinding>

  </bindings>

</system.serviceModel>

如果Mode设置为Transport的话，那么就需要设置TransportSecurity的TransportClientCredentialType

2.Configure a behavior that specifies that a custom user name and password validator is used to validate user name and password pairs for incoming UserNameSecurityToken security tokens.

1. As a child to the <system.serviceModel> element, add a <behaviors> element.

2. Add a <serviceBehaviors> to the <behaviors> element.

3. Add a <behavior> of <serviceBehaviors> element and set the name attribute to an appropriate value.

4. Add a <serviceCredentials> to the <behavior> of <serviceBehaviors> element.

5. Add a <userNameAuthentication> to the <serviceCredentials>.

6. Set the userNamePasswordValidationMode to Custom.

   Important
   If the userNamePasswordValidationMode value is not set, WCF uses Windows authentication instead of the custom user name and password validator.

7. Set the customUserNamePasswordValidatorType to the type that represents your custom user name and password validator.

The following example shows the <serviceCredentials> fragment to this point.

<serviceCredentials>

<userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="Microsoft.ServiceModel.Samples.CalculatorService.CustomUserNameValidator, service" />

</serviceCredentials>