We have a WCF service that uses CustomUsernamePasswordValidator(UserNamePasswordValidator) over TCP for login. The only way of doing this in .NET 3.5 was to use certificate security and this is also what we implemented (certificate on both client and server).
This means that if we want to make a unsecured Login with username and password we hade to build a simple servicemethod that take username and password and then validates it.
Is there any news on this in WCF .NET 4.0? It would be grate if we could use the same procedure (with the CustomUsernamePasswordValidator) but on one endpoint state that no security should be used and on other to use certificate security.
View Complete Post