wsfederationhttpbinding,将自定义用户标识传递给sts

好吧,这是答案

STS配置:

<behaviors>
     <serviceBehaviors>
         <behavior name="STSBehaviour">
             <!--Custom credentials processing-->
             <serviceCredentials>
                 <userNameAuthentication userNamePasswordValidationMode="Custom" 
                                         customUserNamePasswordValidatorType="SecurityTokenService.UserNameValidator, SecurityTokenService"/>
             </serviceCredentials>
             <!--------------------------------->
         </behavior>
    </serviceBehaviors>
</behaviors>
<bindings>
    <wsHttpBinding>
        <binding name="wsHttpUsername">
            ...
            <security mode="Message">
                <message clientCredentialType="UserName"
                         negotiateServiceCredential="false"
                         establishSecurityContext="false" />
            </security>
            ...
        </binding>
    </wsHttpBinding>
</bindings>
<services>
    <service behaviorConfiguration ="STSBehaviour"
               name="Microsoft.ServiceModel.Samples.SecurityTokenService" >
           ....
    </service>
</services>

用户名验证程序

public class UserNameValidator : UserNamePasswordValidator
{
    public override void Validate(string userName, string password)
    {
        if (!VerifyCredentials(userName, password))
            throw new SecurityException("Invalid credentials");
    }
}