The samples in the security guide will work with message level credentials. For example the security guide code would work if you used a binding with security mode="TransportWithMessageCredential" and then specified a clientCredentialType="UserName"
for the message security element.
The trouble with trying to flow transport level credentials like the Base64 encoded string that encompases the "Basic" credential is that it isn't bubbled up to the WCF extensibility layers we currently plug into. The Basic transport credentials
are handled by the transport layer and would have to be intercepted at that level which we haven't explored.
The second thing to keep in mind based on the security guide is that flowing credentials is a two step process.
1) Capture the incomming credentials via a policy on the virtual service endpoint
2) replay the captured credentials via a policy on the resource or system instance that identifies the service implementation you want to invoke.
The need for the two step process is due to the fact that the MSE is an intermediary and the request to the service implementation is a new WCF client proxy. The original incoming credentials need to be applied to the new WCF client proxy that is created.
hope that helps.