How UserNamePasswordValidator reads username password from SOAP header?

Question

I am using custom UserNamePasswordValidator for User Authentication. Following is the code and it works well.

I want to understand how does does this method gets username and password from UserNameToken from SOAP header.

public class DistributorValidator : UserNamePasswordValidator
    {
        public override void Validate(string userName, string password)
        {
            if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(password)) 
            {
                throw new FaultException("Username and password required", new FaultCode("9001"))
................

Answer 1

you should turn on WCF logging (or use Fiddler) to see how the soap message looks like. There you will see the token. WCF has a pretty complex model to extract the credentials from the message. There is a (de)serializer for the security header, and each token (username, x.509, etc) has its own deserializer.