In the end, I had to call the service that created the entire SOAP message and the creation of the HttpWebRequest . In the SOAP message, I manually specify the security header:
<soapenv:Header> <wsse:Security soapenv:mustUnderstand='1' xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'> <wsse:UsernameToken wsu:Id='UsernameToken-1' xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'> <wsse:Username>Foo</wsse:Username> <wsse:Password Type='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText'>Bar</wsse:Password> <wsse:Nonce EncodingType='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary'>qM6iT8jkQalTDfg/TwBUmA==</wsse:Nonce> <wsu:Created>2012-06-28T15:49:09.497Z</wsu:Created> </wsse:UsernameToken> </wsse:Security> </soapenv:Header>
And here is the service client:
String Uri = "http://web.service.end.point" HttpWebRequest req = (HttpWebRequest)WebRequest.Create(Uri); req.Headers.Add("SOAPAction", "\"http://tempuri.org/Register\""); req.ContentType = "text/xml;charset=\"utf-8\""; req.Accept = "text/xml"; req.Method = "POST"; String SoapMessage = "MySoapMessage, including envelope, header and body" using (Stream stm = req.GetRequestStream()) { using (StreamWriter stmw = new StreamWriter(stm)) { stmw.Write(SoapMessage); } } try { WebResponse response = req.GetResponse(); StreamReader sr = new StreamReader(response.GetResponseStream()); log.InfoFormat("SoapResponse: {0}", sr.ReadToEnd()); } catch(Exception ex) { log.Error(Ex.ToString()); }
Interesting Resources About Web Services Security (WSS):