/// <summary>
/// Builds the binding for the multi-factor endpoint: HTTPS transport combined with
/// WS-Security message security that requires two client tokens — a username/password
/// token encrypted for the service certificate, and a client X.509 certificate that
/// endorses (signs) the message.
/// </summary>
/// <returns>
/// A <see cref="CustomBinding"/> whose element stack is the message-security element
/// followed by the HTTPS transport element.
/// </returns>
private static Binding CreateMultiFactorAuthenticationBinding()
{
    // Symmetric message security in the "username for certificate" pattern: the symmetric
    // key is encrypted with the service certificate, and the username/password token travels
    // encrypted under it.
    var messageSecurity = SecurityBindingElement.CreateUserNameForCertificateBindingElement();

    // Insecure (non-protected) transport is explicitly disallowed for this binding.
    messageSecurity.AllowInsecureTransport = false;

    // Second factor: every request from client to service must carry the client's X.509
    // certificate as an endorsing supporting token; AlwaysToRecipient makes the token part of
    // the message sent to the service so the endorsing signature can be verified there.
    var endorsingClientCertificate = new X509SecurityTokenParameters
    {
        InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient,
    };
    messageSecurity.EndpointSupportingTokenParameters.Endorsing.Add(endorsingClientCertificate);

    // Element order matters in a CustomBinding: security element first, transport last.
    return new CustomBinding(messageSecurity, new HttpsTransportBindingElement());
}
// Registering WCF-services
// NOTE(review): generic type arguments appear to have been stripped when this listing was
// rendered (e.g. `_container.Resolve()`, `WcfEndpoint.ForContract ()`, `Component.For ()`);
// the type parameters have to be restored from the original project for this to compile.

// NOTE(review): IncludeExceptionDetailInFaults = true sends server exception details
// (including stack traces) back to callers in faults; confirm this is a debug-only setting.
var returnFaults = new ServiceDebugBehavior {IncludeExceptionDetailInFaults = true};

// Metadata retrieval is enabled over HTTPS only.
var metaData = new ServiceMetadataBehavior {HttpsGetEnabled = true};

var serviceCredentials = new ServiceCredentials();

// Configure service certificate: looked up by subject name in the LocalMachine / My store.
serviceCredentials.ServiceCertificate.SetCertificate(
    StoreLocation.LocalMachine,
    StoreName.My,
    X509FindType.FindBySubjectName,
    "ServerCertificate");

// Configure client certificate authentication mode.
// NOTE(review): this ChainTrust assignment is overwritten by the Custom mode assigned a few
// lines below, so it has no effect on the running service.
serviceCredentials.ClientCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.ChainTrust;

// Add custom username-password validator, resolved from the container.
serviceCredentials.UserNameAuthentication.UserNamePasswordValidationMode = UserNamePasswordValidationMode.Custom;
serviceCredentials.UserNameAuthentication.CustomUserNamePasswordValidator = _container.Resolve();

// Add custom certificate validator, resolved from the container.
// NOTE(review): in Custom mode the resolved validator is what decides whether a client
// certificate is accepted — confirm it performs the chain/revocation checks that ChainTrust
// would otherwise have provided.
serviceCredentials.ClientCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.Custom;
serviceCredentials.ClientCertificate.Authentication.CustomCertificateValidator = _container.Resolve ();

var serviceModel = new DefaultServiceModel();

// Expose the contract on the two-token binding built by CreateMultiFactorAuthenticationBinding().
serviceModel.AddEndpoints( WcfEndpoint.ForContract ().BoundTo(CreateMultiFactorAuthenticationBinding()));
serviceModel.BaseAddresses.Add(new Uri("https://server.com/MyServiceImplementation.svc"));

// Attach the credentials and metadata behaviors to the service model.
serviceModel.AddExtensions(serviceCredentials);
serviceModel.AddExtensions(metaData);

// Register the WCF facility (close timeout set to zero), the service implementation hosted
// through the service model, and the debug behavior instance with the container.
_container.AddFacility (f => f.CloseTimeout = TimeSpan.Zero)
    .Register(
        Component.For () .ImplementedBy () .AsWcfService(serviceModel),
        Component.For ().Instance(returnFaults));