I implemented a WCF service that uses the TransportWithMessageCredential binding and the custom UserNamePasswordValidator.
I have a Silverlight 3 client that connects to this service. If I set valid credentials, it works fine; however, in the username validator I throw a SecurityTokenException if the username and password do not match.
Now I applied a dummy service call only to verify credentials. Is there a “better” way to verify credentials? A service method that accepts a username and password and returns true/false does not feel secure.