According to the UserNamePasswordValidator sample on http://msdn.microsoft.com/en-us/library/system.identitymodel.selectors.usernamepasswordvalidator.aspx one should throw a SecurityTokenException if the username or password is wrong. This works fine, but instead of getting the SecurityTokenException I'm getting a MessageSecurityException and the text message I'm passing is lost somewhere. I'm not sending "details in faults".

Any ideas how to properly catch these errors? I'm going to try a few things myself and see if I can get it right.

+2  A: 

Quick find (why didn't I see it before...), the link I provided in the question pointed to another sample at http://msdn.microsoft.com/en-us/library/aa702565.aspx

It's somewhat different from the first sample, and has a comment about using FaultException instead of a SecurityTokenException if you want to provide message details.

public override void Validate(string userName, string password)
{
    if (null == userName || null == password)
    {
        throw new ArgumentNullException();
    }

    if (!(userName == "test1" && password == "1tset") && !(userName == "test2" && password == "2tset"))
    {
        // This throws an informative fault to the client.
        throw new FaultException("Unknown Username or Incorrect Password");
        // When you do not want to throw an informative fault to the client,
        // throw the following exception.
        // throw new SecurityTokenException("Unknown Username or Incorrect Password");
    }
}

The exception caught on the client now contains an inner exception of type FaultException with the text message I want to expose.

Johan Danforth
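
Client-side handling of the behaviour described in the answer, as an added example that is not part of the original post or the MSDN sample: the validator's text is recovered from the FaultException nested inside the MessageSecurityException. The names AuthFaultDemo, TryGetValidatorMessage and CallService are hypothetical, the thrown exceptions in Main are constructed stand-ins for a real proxy call, and the project is assumed to reference System.ServiceModel.

```csharp
using System;
using System.ServiceModel;
using System.ServiceModel.Security;

static class AuthFaultDemo
{
    // Hypothetical helper: returns the validator's fault text when the security
    // failure wraps a FaultException, otherwise null.
    static string TryGetValidatorMessage(MessageSecurityException ex)
    {
        // Walk the whole InnerException chain instead of assuming a fixed depth.
        for (Exception inner = ex.InnerException; inner != null; inner = inner.InnerException)
        {
            var fault = inner as FaultException;
            if (fault != null)
            {
                return fault.Message; // the reason text passed to FaultException
            }
        }
        return null;
    }

    // Wraps a service call; 'call' stands in for an invocation on a WCF proxy.
    static void CallService(Action call)
    {
        try
        {
            call();
        }
        catch (MessageSecurityException ex)
        {
            // A validator that throws SecurityTokenException yields no inner
            // FaultException, so fall back to a fixed client-side message.
            string reason = TryGetValidatorMessage(ex);
            Console.WriteLine(reason ?? "Authentication failed (no detail from service).");
        }
    }

    static void Main()
    {
        // Constructed: what the client sees when the validator throws FaultException.
        CallService(() => { throw new MessageSecurityException("constructed outer message",
            new FaultException("Unknown Username or Incorrect Password")); });

        // Constructed: what the client sees when no fault detail is attached.
        CallService(() => { throw new MessageSecurityException("constructed outer message"); });
    }
}
```

The fault text reaches callers who have not authenticated, so the validator should keep it identical for an unknown user and a wrong password, as the sample's single message does.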