I would like to create a Postman script that would be able to send an authorization request and then, using the token, send another request to my web service to get some data. So far I am struggling with generating the custom authorization message.
What I have done so far: created my custom authorization class and modified web.config accordingly; snippets below.
Custom authorization class:
/// <summary>
/// Custom credential validator plugged into WCF through
/// serviceCredentials/userNameAuthentication (userNamePasswordValidationMode="Custom").
/// NOTE(review): web.config references the type "TestWebService.CustomValidate, TestWebService",
/// while this class is named CustomUserCredentials; confirm the two agree, otherwise the
/// validator cannot be loaded when the service host starts.
/// </summary>
public class CustomUserCredentials : UserNamePasswordValidator
{
    /// <summary>
    /// Receives the username and password carried in the WS-Security UsernameToken of an
    /// incoming message (the o:Username / o:Password elements in the captured request).
    /// </summary>
    /// <param name="userName">Username taken from the UsernameToken header.</param>
    /// <param name="password">Password taken from the UsernameToken header; the captured message
    /// uses the PasswordText profile, so this is the plain password and the TLS transport
    /// (TransportWithMessageCredential) is what protects it in transit.</param>
    /// <remarks>
    /// NOTE(review): for UserNamePasswordValidator, returning normally presumably means the
    /// credentials are accepted and rejection is signalled by throwing (e.g. SecurityTokenException);
    /// confirm against the framework docs before relying on it. Keep the failure response identical
    /// for "unknown user" and "wrong password", and never write the password to logs.
    /// </remarks>
    public override void Validate(string userName, string password)
    {
        //login logic
    }
}
web.config
<system.serviceModel>
  <services>
    <service behaviorConfiguration="ServiceBehavior" name="TestWebService.MyWebService">
      <!-- Explicit wsHttpBinding endpoint; the protocolMapping entry further down presumably
           only applies to endpoints that do not name a binding, so it does not affect this one. -->
      <endpoint binding="wsHttpBinding" bindingConfiguration="wsHttpBindingSSL"
                contract="TestWebService.IMyWebService">
        <identity>
          <!-- Identity the client expects for the service; for a non-localhost deployment
               this has to match the server certificate (confirm). -->
          <dns value="localhost" />
        </identity>
      </endpoint>
    </service>
  </services>
  <bindings>
    <wsHttpBinding>
      <binding name="wsHttpBindingSSL">
        <!-- TLS protects the channel; the credential itself travels as a WS-Security
             UsernameToken inside the SOAP header (see the <message> element). -->
        <security mode="TransportWithMessageCredential">
          <transport clientCredentialType="None" proxyCredentialType="None" />
          <!-- NOTE(review): the captured request targets .../trust/RST/SCT, i.e. the
               secure-conversation bootstrap WCF performs by default for message security.
               It issues a session token that every later message must sign with a derived key,
               which is impractical to reproduce by hand in Postman. If stateless per-request
               UsernameToken authentication is the goal, consider establishSecurityContext="false"
               on this element (and review negotiateServiceCredential); confirm against the docs. -->
          <message clientCredentialType="UserName" />
        </security>
      </binding>
    </wsHttpBinding>
  </bindings>
  <behaviors>
    <serviceBehaviors>
      <behavior name="ServiceBehavior">
        <!-- Metadata (WSDL) is reachable over plain HTTP as well as HTTPS and without
             authentication; decide whether that is intended for production. -->
        <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
        <!-- includeExceptionDetailInFaults="false" is the right production setting:
             exception details in faults leak stack traces and internal type names. -->
        <serviceDebug httpHelpPageEnabled="true" httpsHelpPageEnabled="true"
                      includeExceptionDetailInFaults="false" />
        <serviceCredentials>
          <!-- NOTE(review): the type name "CustomValidate" does not match the
               CustomUserCredentials class shown above; one of the two must be renamed. -->
          <userNameAuthentication userNamePasswordValidationMode="Custom"
                                  customUserNamePasswordValidatorType="TestWebService.CustomValidate, TestWebService" />
        </serviceCredentials>
      </behavior>
    </serviceBehaviors>
  </behaviors>
  <protocolMapping>
    <add binding="basicHttpsBinding" scheme="https" />
  </protocolMapping>
  <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>
I started Fiddler while I was using a console application to test my web service and captured another snippet of the message. I tried to update the created and expiration date and time for my new request, but it failed. I can't figure out how, or whether it is even possible, to generate my own message to retrieve a token from the web service so that I can use it for my requests. All these secret keys and GUIDs make me feel that WCF is using some security rules to protect the web service from brute-forcing. I need somebody's advice, because I feel that I'm fighting a windmill.
Another question: can I create one explicit action in my web service that does not require authorization?
Postman message body from my client to the web service:
<s:Envelope
    xmlns:s="http://www.w3.org/2003/05/soap-envelope"
    xmlns:a="http://www.w3.org/2005/08/addressing"
    xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <s:Header>
    <!-- NOTE(review): this Action is a WS-Trust RequestSecurityToken for a Secure Conversation
         Token, not a call to an operation of IMyWebService. It is the handshake the WCF client
         runs automatically when secure conversation is enabled on the binding. -->
    <a:Action s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT</a:Action>
    <!-- Unique per message; a replayed capture with the same id is presumably rejected. -->
    <a:MessageID>urn:uuid:d1bef246-a8ee-4b54-8760-917f53c56cd9</a:MessageID>
    <a:ReplyTo>
      <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
    </a:ReplyTo>
    <a:To s:mustUnderstand="1">https://localhost:44389/MyWebService.svc</a:To>
    <o:Security s:mustUnderstand="1"
                xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <!-- Created/Expires are validated against the server clock with a limited skew tolerance;
           the five-minute window here has to be regenerated for each request rather than
           reused from an old capture (confirm the exact tolerance in the binding settings). -->
      <u:Timestamp u:Id="_0">
        <u:Created>2023-06-30T13:27:34.151Z</u:Created>
        <u:Expires>2023-06-30T13:32:34.151Z</u:Expires>
      </u:Timestamp>
      <!-- PasswordText profile: the password is sent in clear inside the header, which is
           acceptable only because the binding is TransportWithMessageCredential (TLS). -->
      <o:UsernameToken u:Id="uuid-8045e6f4-075c-4423-9b65-f2c8ac49ebd0-1">
        <o:Username>login</o:Username>
        <o:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</o:Password>
      </o:UsernameToken>
    </o:Security>
  </s:Header>
  <s:Body>
    <t:RequestSecurityToken
        xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
      <t:TokenType>http://schemas.xmlsoap.org/ws/2005/02/sc/sct</t:TokenType>
      <t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType>
      <!-- Client nonce; presumably combined with server entropy to derive the session key
           that later messages must be signed with, which is why copying this request alone
           does not yield a token usable from Postman. -->
      <t:Entropy>
        <t:BinarySecret u:Id="uuid-1aa12825-4289-4483-ae2e-f32233771841-1" Type="http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce">04CGZQUKM3Q6W59vUYnaTMSDDwXPW5+KoRaN0I/UHuI=</t:BinarySecret>
      </t:Entropy>
      <t:KeySize>256</t:KeySize>
    </t:RequestSecurityToken>
  </s:Body>
</s:Envelope>