wcf wcf-security usernametoken

How does UserNamePasswordValidator read the username and password from the SOAP header?


I am using a custom UserNamePasswordValidator for user authentication. Following is the code, and it works well.

I want to understand how this method gets the username and password from the UserNameToken in the SOAP header.

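    using System.IdentityModel.Selectors;
    using System.ServiceModel;

    public class DistributorValidator : UserNamePasswordValidator
    {
        public override void Validate(string userName, string password)
        {
            // Reject the request when either credential is missing or empty.
            if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(password))
            {
                throw new FaultException("Username and password required", new FaultCode("9001"));
            }
            // ................ (remainder elided in the original post)
        }
    }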

Solution

  • You should turn on WCF logging (or use Fiddler) to see what the SOAP message looks like. There you will see the token. WCF has a pretty complex model to extract the credentials from the message. There is a (de)serializer for the security header, and each token (username, X.509, etc.) has its own deserializer.
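
To show where the two strings come from, the following added example (not part of the original answer, and not WCF's internal code) reads a constructed SOAP 1.1 envelope with LINQ to XML and extracts the WS-Security UsernameToken values that WCF's own deserializer would pass to `Validate(userName, password)`. The class name, helper name and sample credentials are hypothetical.

```csharp
using System;
using System.Xml.Linq;

// Added illustration, not WCF's internal code: locate wsse:UsernameToken in the SOAP header.
public static class UsernameTokenDemo
{
    static readonly XNamespace Soap = "http://schemas.xmlsoap.org/soap/envelope/";
    static readonly XNamespace Wsse =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";

    // Constructed sample message; the credentials are placeholders.
    const string SampleEnvelope = @"<s:Envelope xmlns:s='http://schemas.xmlsoap.org/soap/envelope/'>
  <s:Header>
    <o:Security s:mustUnderstand='1'
        xmlns:o='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'>
      <o:UsernameToken>
        <o:Username>distributor01</o:Username>
        <o:Password Type='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText'>example-password</o:Password>
      </o:UsernameToken>
    </o:Security>
  </s:Header>
  <s:Body />
</s:Envelope>";

    // Hypothetical helper: returns the two strings a validator's Validate() would receive.
    public static (string UserName, string Password) ReadUsernameToken(string envelopeXml)
    {
        XElement token = XDocument.Parse(envelopeXml).Root
            ?.Element(Soap + "Header")
            ?.Element(Wsse + "Security")
            ?.Element(Wsse + "UsernameToken");
        if (token == null)
            throw new InvalidOperationException("No wsse:UsernameToken in the SOAP header.");

        // A missing child becomes an empty string, the case the validator above rejects.
        string user = (string)token.Element(Wsse + "Username") ?? string.Empty;
        string pass = (string)token.Element(Wsse + "Password") ?? string.Empty;
        return (user, pass);
    }

    public static void Main()
    {
        var (user, pass) = ReadUsernameToken(SampleEnvelope);
        // Print only the password length so the secret never reaches console output.
        Console.WriteLine($"userName={user}, password length={pass.Length}");
    }
}
```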