Authentication when using Security Token Service

I have created a Security Token Service (STS), an service with a reference to the STS and an example desktop application.

This works as expected when using Windows authentication and Message security, a token is retrieved from the STS and the service method is called successfully. The service returns a string containing the current users identity, which returns my AD username.

I have a requirement however to authenticate against a database rather than AD. I have tried creating a CustomUserNameValidator (in the STS, is this the correct place?) and referencing it in the web.config. I then provide the credentials as shown below.

SampleServiceReference.SampleServiceClient client = new SampleServiceReference.SampleServiceClient(); client.ClientCredentials.UserName.UserName = "alex"; client.ClientCredentials.UserName.Password = "pass";

I believe the certificates are set up correctly (all using 'localhost'), however I receive the following exception when calling the service:

System.ServiceModel.FaultException: ID3242: The security token could not be authenticated or authorized.

Whatever I try seems to fail. Is what I am describing even possible? Does the service client also pass the client credentials through to the STS, or am I completely misunderstanding what is happening here?

This stackoverflow question is similar, however I ha开发者_如何学JAVAve checked the audience URL and it seems ok. WIF STS ID3242

Has anyone got any advice on how I can achieve custom authentication when using a STS?

Update: the code samples referenced below are not available anymore (Codeplex doesn't exist). The book download does and it is here: https://www.microsoft.com/en-us/download/details.aspx?id=28362

There's a simple example of what you need here: http://claimsid.codeplex.com

Look at either sample 8 or 4.

Small clarification though. The username/password authentication is on the STS, not on your service. Your service will authenticate with a security token obtained from the STS.

Have a look at StarterSTS.

The full source code is provided and it authenticates against the standard aspnetdb roles based SQL DB. There are a number of videos to help you get it up and running.

This project was then turned into ASP MVC - IdentityServer. This isn't quite as mature wrt the help files etc.