Michael

Reputation: 1010

How can I evaluate custom ClientCredentials on the server in WCF?

I have the following scenario going on:

A Windows "fat client" application is connecting to a WCF web service. Both client and web service use exactly the same binding, which looks like this:

    private static NetTcpBinding Message_Security_UserName_Credentials()
    {
        NetTcpBinding binding = new NetTcpBinding();

        binding.Security.Mode = SecurityMode.Message;

        binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;

        binding.Security.Transport.ProtectionLevel = System.Net.Security.ProtectionLevel.EncryptAndSign;

        binding.PortSharingEnabled = true;

        return binding;
    }

The client sends "custom" client credentials to the webservice. The custom client credential class is this:

    public class CustomClientCredentials : ClientCredentials
    {
        public CustomClientCredentials()
        {
            AuthorizationToken = String.Empty;

            this.ClientCertificate.Certificate = Certificates.ClientPFX;

            this.ServiceCertificate.Authentication.CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.Custom;

            this.ServiceCertificate.Authentication.CustomCertificateValidator = new CustomClientX509CertificateValidator("CN");
        }

        private string authorizationtoken;
        public string AuthorizationToken
        {
            get
            {
                return this.authorizationtoken;
            }
            set
            {
                if (value == null)
                {
                    throw new ArgumentNullException("value");
                }
                this.authorizationtoken = value;
            }
        }

        public String Name
        {
            set
            {
                this.UserName.UserName = value;
            }
        }

        public String Password
        {
            set
            {
                this.UserName.Password = value;
            }
        }

        protected CustomClientCredentials(CustomClientCredentials other)
            : base(other)
        {
            this.AuthorizationToken = other.AuthorizationToken;
        }

        protected override ClientCredentials CloneCore()
        {
            return new CustomClientCredentials(this);
        }
    }

In short, the process of sending the custom client credentials to the service looks like this:

    ChannelFactory<ILoginService> factory = new ChannelFactory<ILoginService>(binding, endpointaddress);

    factory.Endpoint.Behaviors.Remove<ClientCredentials>();

    CustomClientCredentials credentials = new CustomClientCredentials() { Name = this.User.EMail, Password = this.User.Password, AuthorizationToken = String.Empty };

    factory.Endpoint.Behaviors.Add(credentials);

    ILoginService client = factory.CreateChannel();

    Token result = client.LogIn();

On the server, I use a custom UserPasswordValidator to read out the client credentials. It looks like this:

    public class CustomServiceUserNamePasswordValidator : System.IdentityModel.Selectors.UserNamePasswordValidator
    {
        public override void Validate(string userName, string password)
        {
            // Only null values are rejected here; any non-null user name/password pair is accepted.
            if (null == userName || null == password)
            {
                throw new ArgumentNullException();
            }
        }
    }

Up to this point everything works fine. As you can see in my custom ClientCredentials class, I want to send additional information to the server.

My question is: What must I do to read out the received custom client credentials on the server?

The theory in my head is that I simply must tell the service endpoint on the server that it should expect a certain type of credentials, and then it can evaluate them.

Upvotes: 0

Views: 717

Answers (1)

jtabuloc

Reputation: 2535

Validating custom client credentials may not be an easy task, but you can follow this link for validation. I would also suggest following this link for custom credential implementation.

Upvotes: 1
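
As an added example (not code from the question, the answer or the pages it links to), this is the standard WCF server-side wiring for the UserName credential used by the binding above: a `UserNamePasswordValidator` that verifies the password, its registration on the `ServiceHost`, and reading the authenticated name inside an operation. `IUserStore`, the PBKDF2 parameters and the `StoreBackedValidator`/`HostSetup` names are assumptions, and the `Rfc2898DeriveBytes` overload used requires .NET Framework 4.7.2 or later.

```csharp
using System;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Security;

// Hypothetical user store returning a per-user salt and PBKDF2 hash (assumption, not from the page).
public interface IUserStore { bool TryGet(string userName, out byte[] salt, out byte[] hash); }
public class StoreBackedValidator : UserNamePasswordValidator
{
    private readonly IUserStore store;
    public StoreBackedValidator(IUserStore store) { this.store = store; }
    // Only the UserName token reaches this method; extra properties added to a
    // ClientCredentials subclass are not transmitted by this path.
    public override void Validate(string userName, string password)
    {
        byte[] salt, expected;
        if (userName == null || password == null ||
            !store.TryGet(userName, out salt, out expected) ||
            !FixedTimeEquals(Derive(password, salt, expected.Length), expected))
            throw new SecurityTokenException("Unknown user name or incorrect password.");
    }
    private static byte[] Derive(string password, byte[] salt, int length)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, 100000, HashAlgorithmName.SHA256))
            return kdf.GetBytes(length);
    }
    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}

public static class HostSetup
{
    // Call before host.Open(). Message security with UserName credentials needs a service certificate.
    public static void Configure(ServiceHost host, IUserStore store, X509Certificate2 serviceCert)
    {
        host.Credentials.ServiceCertificate.Certificate = serviceCert;
        host.Credentials.UserNameAuthentication.UserNamePasswordValidationMode = UserNamePasswordValidationMode.Custom;
        host.Credentials.UserNameAuthentication.CustomUserNamePasswordValidator = new StoreBackedValidator(store);
    }
    // Inside an operation such as LogIn(): the user name the validator accepted.
    public static string CallerName() { return ServiceSecurityContext.Current.PrimaryIdentity.Name; }
}
```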
