Forbidden at HTTP level when using self-hosted for https and Basica Authentication

Hi,
I encountered a problem when doing self-hosted web service using WCF
and hope people can help me here.
I am trying to self-host a web service, using https, and Basic
Authentication. So, I used an MSDN example at
http://msdn2.microsoft.com/en-us/library/ms733775.aspx with some
modification.
The service side configuration has this:
<wsHttpBinding>
<binding name="UsernameWithTransport">
<security mode="Transport">
<transport clientCredentialType="Basic" />
</security>
</binding>
</wsHttpBinding>
and the endpoint uses this configuration.

I added a custom username/password validator as described in
http://msdn2.microsoft.com/en-us/library/aa702565.aspx (but changed
the security mode to transport, since the example on MSDN is using
message). So, on the service side, extra code looks like this:

myServiceHost.Credentials.UserNameAuthentication.UserNamePasswordValidationMode
=
System.ServiceModel.Security.UserNamePasswordValidationMode.Custom;
myServiceHost.Credentials.UserNameAuthentication.CustomUserNamePasswordValidator
= new CustomUserNameValidator();
// CustomUserNameValidator implementation here ...

On the client, I did this in the code:
client.ClientCredentials.UserName.UserName = "test1";
client.ClientCredentials.UserName.Password = "1tset";

Client side config matches the service config, so I have:
<wsHttpBinding>
<binding name="WSHttpBinding_ICalculator" >
<security mode="Transport">
<transport clientCredentialType="Basic" />
</security>
</binding>
</wsHttpBinding>

I also set the principalPermissionMode to None in the service config.

When the client invokes the service, it got the exception:
HTTP request was forbidden with client authentication scheme 'Basic'.
---> System.Net.WebException: The remote server returned an error:
(403) Forbidden.

The MSDN example is for IIS hosted. I am wondering it is doable at
all in a self-hosted service? If yes, what steps am I missiong. Here
is the whole exception stack on the client:

Unhandled Exception:
System.ServiceModel.Security.MessageSecurityException: The HTTP
request was forbidden with client authentication scheme 'Basic'. --->
System.Net.WebException: The remote server returned an error: (403)
Forbidden.
at System.Net.HttpWebRequest.GetResponse()
at
System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply
TimeSpan timeout)
--- End of inner exception stack trace ---

Server stack trace:
at
System.ServiceModel.Channels.HttpChannelUtilities.ValidateAuthentication(HttpWebRequest
request, HttpWebResponse response, WebException responseException,
HttpChannelFactory factory)
at
System.ServiceModel.Channels.HttpChannelUtilities.ValidateRequestReplyResponse(HttpWebRequest
request, HttpWebResponse response, HttpChannelFactory factory,
WebException responseException)
at
System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan
timeout)
at System.ServiceModel.Channels.RequestChannel.Request(Message
message, TimeSpan timeout)
at
System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message
message, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.Call(String action,
Boolean oneway, ProxyOperationRuntime operation, Object[] ins,
Object[] outs, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.Call(String action,
Boolean oneway, ProxyOperationRuntime operation, Object[] ins,
Object[] outs)
at
System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
methodCall, ProxyOperationRuntime operation)
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
message)

Exception rethrown at [0]:
at
System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage
reqMsg, IMessage retMsg)
at
System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&
msgData, Int32 type)
at SoapClient.xp_dev3.IService1.MyOperation1(String myValue)
at SoapClient.xp_dev3.Service1Client.MyOperation1(String myValue)
in :\DotNetWebService\WCFSamples\SoapClient\Service References
\xp_dev3.cs:line 119
at SoapClient.Program.Client.Main() in F:\DotNetWebService
\WCFSamples\SoapClient\Program.cs:line 25

If I set the <transport clientCredentialType="None" /> on both client
and service config, it invocation works.

Thanks in advance for any help.
Jason