WCF Authentication is not working RRS feed

  • Question

  • User-943207588 posted


    I am using Message Security for WCF authentication. And my clientCredentialType="UserName".

    Even if I am not providing valid username and password while accessing a service, it is working fine.

    It should do authentication, If credentials are correct then only it should allow to access.

    My code is as follows:

    Binding section of Web config of WCF service:

    <binding name="Binding1">
    <security mode="Message">
    <message clientCredentialType="UserName" />


    Behaviour section of WCF service:


    <behavior name="AuthenticationBehaviour">
    <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="WcfServiceAuthentication.Authenticator, WcfServiceAuthentication"/>
    <!-- To avoid disclosing metadata information, set the values below to false before deployment -->
    <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
    <!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
    <serviceDebug includeExceptionDetailInFaults="false"/>


    username validator:

    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Web;
    using System.IdentityModel.Selectors;
    using System.ServiceModel;
    using log4net;
    using System.Reflection;
    namespace WcfServiceAuthentication
    public class Authenticator : UserNamePasswordValidator
    private static ILog _logger = log4net.LogManager.GetLogger(MethodBase.GetCurrentMethod().DeclaringType);
    public override void Validate(string userName, string password)
    _logger.Info("Validate called with username:" + userName + " and password:" + password);

    if (null == userName || null == password)
    throw new ArgumentNullException();

    if (!(userName == "Admin" && password == "Admin123"))
    // This throws an informative fault to the client.
    throw new FaultException("Unknown Username or Incorrect Password");

    _logger.Info("End called");


    WCF Service:

    namespace WcfServiceAuthentication
    // NOTE: You can use the "Rename" command on the "Refactor" menu to change the class name "AuthenticationService" in code, svc and config file together.
    // NOTE: In order to launch WCF Test Client for testing this service, please select AuthenticationService.svc or AuthenticationService.svc.cs at the Solution Explorer and start debugging.
    //[ServiceBehavior(IncludeExceptionDetailInFaults = true)]
    [ServiceBehavior(InstanceContextMode = InstanceContextMode.PerSession, ConcurrencyMode = ConcurrencyMode.Single)]
    public class AuthenticationService : IAuthenticationService

    public int add(int num1, int num2)
    return (num1 + num2);


    Client application:

     AuthenticationServiceClient proxy = new AuthenticationServiceClient();

    //Here I have not provided Credentials then also it is working..

    int addition= proxy.add(10, 10);
    return View();

    Monday, April 29, 2013 1:01 AM


  • User-1000095884 posted


    From your description, please check it is using the 'Binding1' for your service, you can check it from the service's WSDL. To create a WCF service and client secured using message level security, you can refer a sample in below MSDN document.

    #Message Security with a User Name Client


    Best Regards.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Tuesday, April 30, 2013 1:43 AM