当使用UserNameOverTransport绑定时，我如何让WCF以摘要模式发送密码?(将WSE3.0代码转换为WC

我正在尝试将此WSE3.0代码转换为WCF:

// we use Microsoft WSE 3.0 to insert the username token in the soap header.
// This strategy takes care of creating and inserting the Nonce and Created elements 
// for us, as well as creating a password digest based on Nonce, Created, and 
// the password itself.  Refer to the WS-Secutiry UsernameToken Profile 1.1
// specification at http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=wss.
Microsoft.Web.Services3.Security.Tokens.UsernameToken nametoken;
nametoken = new Microsoft.Web.Services3.Security.Tokens.UsernameToken(username, password, Microsoft.Web.Services3.Security.Tokens.PasswordOption.SendHashed);
Microsoft.Web.Services3.Design.Policy ClientPolicy = new Microsoft.Web.Services3.Design.Policy();
ClientPolicy.Assertions.Add(new UsernameOverTransportAssertion());
this._proxy.SetPolicy(ClientPolicy);
this._proxy.SetClientCredential<UsernameToken>(nametoken);

我已经非常接近了，除了以摘要模式发送密码(上面代码中的Microsoft.Web.Services3.Security.Tokens.PasswordOption.SendHashed):

TransportSecurityBindingElement transportBindingElement =
    SecurityBindingElement.CreateUserNameOverTransportBindingElement();
transportBindingElement.AllowInsecureTransport = true;
transportBindingElement.EnableUnsecuredResponse = true;
transportBindingElement.IncludeTimestamp = true;
var binding = new CustomBinding(new BindingElement[] { //
    transportBindingElement, //
    new TextMessageEncodingBindingElement() {
        MessageVersion = MessageVersion.Soap11
    }, //
    new HttpTransportBindingElement() {
        AuthenticationScheme = AuthenticationSchemes.Digest,
    }, //
});

上面的代码仍然以明文形式发送密码(未散列)。我发现了这个链接，有人试图转换类似的代码，有人说如果不编写自定义令牌序列化器，就不可能设置WCF来完成此操作。

这个说法准确吗?

如果是，我需要做些什么来创建和使用这个自定义序列化器?

看起来这个链接可能是一个很好的起点，当与评论中链接的网站的PDF相结合时，给出了以下公式Password_Digest = Base64 ( SHA-1 ( nonce + created + password ) )，但如果有人能更好地解释我需要从哪里推导，以及如何让WCF使用我的新序列化器，我很乐意听到它。