WCF CustomUserNamePasswordValidator

I'm having an issue configuri开发者_如何学JAVAng WCF correctly for a security. The below configuration simply fails to recognize that I'm trying to use a CustomUserNamePasswordValidator. When I test the service, the Validator class is just ignored as though I've never configured anything. Can anyone spy something wrong in this configuration? Any help would be greatly appreciated.

<?xml version="1.0"?>

  <service behaviorConfiguration="defaultServiceBehavior" name="SSAServices.SelfServiceAdvertiserService">
    <endpoint address="/2.4/SelfServiceAdvertiserService.svc" binding="wsHttpBinding" contract="SSAServiceContracts.Two_Four.ISelfServiceAdvertiserService" bindingConfiguration="serviceBinding" />
 </service>
    </services>
<bindings>
  <wsHttpBinding>
    <binding name="serviceBinding" >
      <security mode="Message">
        <message clientCredentialType="UserName" />
      </security>
    </binding>
  </wsHttpBinding>
</bindings>
    <behaviors>
        <serviceBehaviors>
            <behavior name="">
                <serviceMetadata httpGetEnabled="true"/>
                <serviceDebug includeExceptionDetailInFaults="false"/>
            </behavior>
    <behavior name="defaultServiceBehavior">
      <serviceMetadata httpGetEnabled="true"/>
      <serviceDebug includeExceptionDetailInFaults="false"/>
      <serviceCredentials>
        <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="ServiceAuthenticationBase, SSAServices" />
      </serviceCredentials>
    </behavior>
        </serviceBehaviors>
    </behaviors>
    <serviceHostingEnvironment multipleSiteBindingsEnabled="true"/>
</system.serviceModel>
<system.webServer>
    <modules runAllManagedModulesForAllRequests="true">
    </modules>
</system.webServer>

I think the cuase of the problem is here:

customUserNamePasswordValidatorType="ServiceAuthenticationBase, SSAServices" 

You should declare your type with its namespace and class name like this:

customUserNamePasswordValidatorType="SSAServices.ServiceAuthenticationBase, SSAServices"

customUserNamePasswordValidatorType="type, assembly"

Hope this helps.

OK I asked a question to see if this binding works - since I doubted - but I though I might as well post my answer as I cannot see how this can work.

Message security requires encryption and for this to happen you also need negotiation. So you need to setup a X509 certificate for your service in the beahviour section:

                     <serviceCredentials>
                            <serviceCertificate findValue="MyCert" storeLocation="LocalMachine"
                                 storeName="My" x509FindType="FindBySubjectName" />
                            <userNameAuthentication userNamePasswordValidationMode="Custom"
                                 customUserNamePasswordValidatorType="type, assembly" />
                     </serviceCredentials>

Also make sure you turn on negotiation as well:

                <security mode="Message">
                    <message clientCredentialType="UserName" negotiateServiceCredential="true" />
                </security>