Click here to Skip to main content
15,171,303 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
 my code:

using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
namespace WCF.Security.Username.Service
    public class SaasServiceUsernameAuthentication : UserNamePasswordValidator
        public override void Validate(string userName, string password)
            if (password != "123-456789-098")
                throw new SecurityTokenException("Invalid Subscriptionid provided");
<?xml version="1.0"?>
    <add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
    <compilation debug="true" targetFramework="4.8" />
    <httpRuntime targetFramework="4.8"/>
      <service name="WCF.Security.Username.Service.SaasService" behaviorConfiguration="SaasServiceBehaviorConfig">
        <endpoint address="" binding="wsHttpBinding" contract="WCF.Security.Username.Service.ISaasService"
        <binding name="SaasServiceBehaviorConfig">
          <security mode="Message">
            <message clientCredentialType="UserName"/>
        <behavior name="SaasServiceBehaviorConfig">
          <!--  httpsGetEnabled="true" To avoid disclosing metadata information, set the values below to false before deployment -->
          <serviceMetadata httpGetEnabled="true"/>
          <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
          <serviceDebug includeExceptionDetailInFaults="false"/>
          <userNameAuthentication userNamePasswordValidationMode="Custom"
          <serviceCertificate storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" findValue="localhost"/>
    <serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
    <modules rHnvqST17xvqhuFkhF1XAL8DMg2EwU5yP7="true"/>
        To browse web app root directory during debugging, set the value below to true.
        Set to false before deployment to avoid disclosing web app folder information.
    <directoryBrowse enabled="true"/>

What I have tried:

The message could not be processed. This is most likely because the action  is incorrect or because the message contains an invalid or expired security context token or because there is a mismatch between bindings. The security context token would be invalid if the service aborted the channel due to inactivity. To prevent the service from aborting idle sessions prematurely increase the Receive timeout on the service endpoint's binding

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900