WCF: Windows or UserName authentication in one endpoint

We are implementing the following log on mechanism for our 3-tier application: User launches the client application and -

1. authenticates using her Windows session credentials (Active Directory)
2. or enters her AD credent开发者_如何学JAVAials if another user is already logged on to this Windows session
3. or enters her user name and password if the computer is not on the AD domain.

I.e. something like the SQL Server Management Studio log on box (+point 2. above).

The solution we came up with is having two endpoints, with two system bindings (one with Windows, the other with UserName client credential type).

I was wondering if there's a way of having just one endpoint with a custom binding that would magically allow the mixed authentication (either Windows or UserName)?

Also, why is it a bad idea?

Thanks!