Generally, a given WCF service with security configured will only demand a single security authentication token (the primary identity) from the client consumer so as to ensure the client caller identification. However, sometimes it is useful to ask the client to supply multiple security tokens so as to acquire more information for server-side authentication or business-logic-specific validation. For such scenarios, WCF provides the supportingToken, which can help developers in designing services that can demand and accept multiple security tokens from the server client.

In this recipe, we will use the sample service, which demands both username and X.509 certificate tokens to demonstrate ...