Hi there,

I am trying to make my WCF client communicate with a Spring-WS server running WS-Security (SOAP 1.1 over HTTP). The messages are encrypted using certificates.

The key info I send over in my request contains information about the receiver public key I used for encrypting the message. This information is sent to the server as follows:

<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
  <o:SecurityTokenReference>
    <X509Data>
      <X509IssuerSerial>
        <X509IssuerName>CN=example.com....</X509IssuerName>
        <X509SerialNumber>1234567890</X509SerialNumber>
      </X509IssuerSerial>
    </X509Data>
  </o:SecurityTokenReference>
</KeyInfo>

However, the server expects to see the KeyInfo contain a reference to a binary token (embedded as Base64-encoded data).

<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <wsse:SecurityTokenReference>
    <wsse:Reference URI="#_ID_OF_BINARY_TOKEN" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
  </wsse:SecurityTokenReference>
</ds:KeyInfo>

The question would be how I set up my bindings to send the key information this way instead of with the X509 data element. I am using the following binding, let's call that an experiment.

<customBinding>
  <binding name="myBinding">
    <security authenticationMode="MutualCertificateDuplex"
              includeTimestamp="false"
              securityHeaderLayout="Lax"
              requireDerivedKeys="false"
              defaultAlgorithmSuite="TripleDesRsa15"
              messageProtectionOrder="EncryptBeforeSign"
              messageSecurityVersion="long name omited">
    </security>
    <textMessageEncoding messageVersion="Soap11" />
    <httpTransport />
  </binding>
</customBinding>

Hope someone can help, thanks for your time and effort,

Best regards,

Wouter
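
For checking which of the two KeyInfo styles shown in the question a captured message actually carries, the following is an added example, not part of the original post and not WCF or Spring-WS code. It classifies each SecurityTokenReference and verifies that a direct reference resolves to a BinarySecurityToken in the same message; the function names, the `bst-1` ids and the sample envelopes are constructed for illustration.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
X509V3 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
NS = {"ds": DS, "wsse": WSSE}

def key_references(xml_text):
    """Describe every ds:KeyInfo/wsse:SecurityTokenReference in a captured message."""
    root = ET.fromstring(xml_text)
    # Collect the wsu:Id of each BinarySecurityToken so "#id" URIs can be resolved.
    tokens = {t.get(f"{{{WSU}}}Id") for t in root.iter(f"{{{WSSE}}}BinarySecurityToken")}
    found = []
    for str_el in root.iterfind(".//ds:KeyInfo/wsse:SecurityTokenReference", NS):
        ref = str_el.find("wsse:Reference", NS)
        serial = str_el.find("ds:X509Data/ds:X509IssuerSerial", NS)
        if ref is not None:  # the style the Spring-WS side expects
            uri = ref.get("URI", "")
            found.append({"style": "direct-reference", "uri": uri,
                          "value_type": ref.get("ValueType"),
                          "resolves": uri.startswith("#") and uri[1:] in tokens})
        elif serial is not None:  # the style the WCF client currently sends
            found.append({"style": "issuer-serial",
                          "issuer": serial.findtext("ds:X509IssuerName", namespaces=NS),
                          "serial": serial.findtext("ds:X509SerialNumber", namespaces=NS)})
        else:
            found.append({"style": "other"})
    return found

def _envelope(security_children):
    # Constructed, trimmed SOAP 1.1 envelope; real messages nest KeyInfo in an EncryptedKey.
    return (f'<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" '
            f'xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}" xmlns:ds="{DS}"><s:Header>'
            f'<wsse:Security>{security_children}</wsse:Security></s:Header><s:Body/></s:Envelope>')

# Constructed samples; the token body is a placeholder, not a real certificate.
ISSUER_SERIAL = _envelope(
    '<ds:KeyInfo><wsse:SecurityTokenReference><ds:X509Data><ds:X509IssuerSerial>'
    '<ds:X509IssuerName>CN=example.com</ds:X509IssuerName>'
    '<ds:X509SerialNumber>1234567890</ds:X509SerialNumber>'
    '</ds:X509IssuerSerial></ds:X509Data></wsse:SecurityTokenReference></ds:KeyInfo>')
DIRECT = _envelope(
    f'<wsse:BinarySecurityToken wsu:Id="bst-1" ValueType="{X509V3}">Q09OU1RSVUNURUQ='
    f'</wsse:BinarySecurityToken><ds:KeyInfo><wsse:SecurityTokenReference>'
    f'<wsse:Reference URI="#bst-1" ValueType="{X509V3}"/>'
    f'</wsse:SecurityTokenReference></ds:KeyInfo>')
DANGLING = DIRECT.replace('wsu:Id="bst-1"', 'wsu:Id="bst-2"')  # reference no longer resolves

if __name__ == "__main__":
    for name, doc in [("issuer-serial", ISSUER_SERIAL), ("direct", DIRECT), ("dangling", DANGLING)]:
        print(name, key_references(doc))
```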