Custom UserNamePasswordValidator with Silverlight 3.0

I have implemented a WCF service that uses a TransportWithMessageCredential binding and a custom UserNamePasswordValidator.

I have a Silverlight 3 client connecting to this service. If I set valid credentials it works perfect, however, in the username validator I throw a SecurityTokenExce开发者_StackOverflow中文版ption if the username and password does not match.

Now I have implemented a dummy service call just to verify the credentials, is there a "nicer" way of checking the credentials. A service method that accept username and password and returns true/false doesn't feel safe.

I think you're going about security in the wrong way. there are builtin methods for dealing with this. Look up "Membership Providers". Ex:

http://blogs.msdn.com/brada/archive/2008/05/03/accessing-the-asp-net-authentication-profile-and-role-service-in-silverlight.aspx