It depends entirely on the binding you use, and there is no general answer.
For example, if you use NetNamedPipeBinding and do
myChannelFactory.Credentials.UserName.UserName = "username"; myChannelFactory.Credentials.UserName.Password = "password";
you are wasting your time: client-side binding will not do anything with this data, it will not be in the message, and it will not be available at all from the service side.
The binding will only use this data if it is configured with security settings that determine the use of username and password credentials. All standard bindings that do this will use credentials for authentication, the results of which will then be displayed in the service through ServiceSecurityContext , as specified in casperOne, and will not include password data.
To support authentication, data must be transported somewhere in the message headers. Exactly where and in what form will again be dependent on the binding. Do not assume that you will always find them in operationContext.IncomingMessageHeaders[1] .
EDIT: You can create a custom binding that will give you what you are looking for.
CustomBinding binding = new CustomBinding( ... ); binding.Elements.Insert(1, SecurityBindingElement.CreateUserNameOverTransportBindingElement());
On the service side, specify UserNamePasswordValidator and configure the credentials as follows:
serviceHost.Credentials.UserNameAuthentication.UserNamePasswordValidationMode = System.ServiceModel.Security.UserNamePasswordValidationMode.Custom; servicehost.Credentials.UserNameAuthentication.CustomUserNamePasswordValidator = new MyUserNamePasswordValidator();
The username and password will be passed to the Validate method MyUserNamePasswordValidator .
WARNING. This is not a secure authentication mechanism unless you are using secure transport, as credentials are sent in a box in the message header.
Chris dickson
source share