不执行WCF自定义用户名和密码验证

Question

我在IIS 7.5上托管了一个WCF服务，其中包含basicHttpBinding绑定和TransportWithMessageCredential安全性的设置。我想在验证失败的情况下向客户端发送FaultException，但不幸的是，不执行自定义验证器类的Validate方法。 我已阅读here，该自定义验证程序仅适用于自托管方案： 是真的，还是我在某个地方犯了错误？

public class ServiceUserNamePasswordValidator : UserNamePasswordValidator
{
    public override void Validate(string userName, string password)
    {
        if (null == userName || null == password)
        {
            throw new ArgumentNullException();
        }

        if (!(userName == MobilApp.Helper.SiteGlobal.UserName && password == MobilApp.Helper.SiteGlobal.Password))
        {
            throw new FaultException("Unknown Username or Incorrect Password");
        }

    }
}

的web.config：

<system.serviceModel>
<serviceHostingEnvironment aspNetCompatibilityEnabled="True" />
<bindings>
  <basicHttpBinding>
    <binding name="ServiceBinding" useDefaultWebProxy="false">          
      <security mode="TransportWithMessageCredential">
        <transport clientCredentialType="Certificate" />
        <message clientCredentialType="UserName" />
      </security>
    </binding>
  </basicHttpBinding>
</bindings>
<services>
  <service name="Service.TestService" behaviorConfiguration="CustomValidator">
    <endpoint address="" binding="basicHttpBinding" bindingConfiguration="ServiceBinding"
      bindingNamespace="https://service/TestService/"
      contract="Service.ITestService">
      <identity>
        <dns value="localhost" />
      </identity>
    </endpoint>
    <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />
    <host>
      <baseAddresses>
        <add baseAddress="https://service/TestService/" />
      </baseAddresses>
    </host>
  </service>
</services>
<behaviors>
  <serviceBehaviors>
    <behavior name="CustomValidator">
      <useRequestHeadersForMetadataAddress/>
      <serviceMetadata httpGetEnabled="false" httpsGetEnabled="True" httpsGetUrl="wsdl" />
      <serviceDebug includeExceptionDetailInFaults="false" httpHelpPageEnabled="false" httpsHelpPageEnabled="true" />
      <serviceCredentials>
        <clientCertificate>
          <authentication
            certificateValidationMode="ChainTrust"
            revocationMode="NoCheck" />
        </clientCertificate>
        <serviceCertificate
          findValue="test.com"
          x509FindType="FindBySubjectName"
          storeLocation="LocalMachine"
          storeName="My" />
        <userNameAuthentication
          userNamePasswordValidationMode="Custom"
          customUserNamePasswordValidatorType="ServiceUserNamePasswordValidator, Service" />
      </serviceCredentials>
    </behavior>
  </serviceBehaviors>
</behaviors>

谢谢。