Webservice with security headers

Question

I'm trying to consume a third party webservice (from the Component Interface in Peoplesoft), but in order to authenticate I have to have a header that looks like this:

<soapenv:Header xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"&gt;

    <wsse:Security soap:mustUnderstand="1" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"&gt;    
      <wsse:UsernameToken>    
        <wsse:Username>X</wsse:Username>    
        <wsse:Password>X</wsse:Password>    
      </wsse:UsernameToken>    
    </wsse:Security>    
  </soapenv:Header>

I added a block to the web.config file in my app that's trying to use the webservice as follows:

<system.serviceModel>
  <client>
   <header>
    <endpoint>
     <wsse:Security soap:mustUnderstand="1" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"&gt;
      <wsse:UsernameToken>
       <wsse:Username>X</wsse:Username>
       <wsse:Password>X</wsse:Password>
      </wsse:UsernameToken>
     </wsse:Security>
    </endpoint>
   </header>
  </client>
</system.serviceModel>

But the header still doesn't appear in the XML request to the webservice.

Am I even on the right track?

Answer 1

If you're using .NET 2.0 to connect to the service, your best bet is to download WSE 3.0 (WSE 2.0 if you're using .NET 1.1).

If you're using WCF to connect to the service, here's a link that should help you along your way. It's about the proper way to implement the WS-Security standard in WCF:

Enterprise .NET Community: Security your WCF Services

Answer 2

Look at this link : http://social.msdn.microsoft.com/Forums/en-US/wcf/thread/03db0772-b319-468c-9298-0ec301dacf34

I never though WCF will not allow a simple username token on http