Expert: Interoperability issues with WS-Security 1.0/UsernameToken/BinarySecurityToken



I need to write a client for a Web Service running in IBM Websphere. They are using WS-Security 1.0, and I have to:

– send a UsernameToken unencrypted;

– sign ONLY the body of the message using a X509 certificate;

– send the X509 Certificate used for signing unencrypted using BinarySecurityToken;


I have been able to do that in WSE 2.0 by using the following code:


QuotesService webQuotesServiceClient = new QuotesService();
SoapContext requestContext = webQuotesServiceClient.RequestSoapContext;
requestContext.Security.Timestamp.TtlInSeconds = config.Timeout;
// Retrieve certificate
X509CertificateStore store = X509CertificateStore.LocalMachineStore(config.StoreLocation);
bool open = store.OpenRead();
X509CertificateCollection certs = store.FindCertificateBySubjectString(config.CertificateName);
X509Certificate cert = certs[0];

// Add Signature Token
X509SecurityToken signatureToken = new X509SecurityToken(cert);

// Sign the message
MessageSignature messageSignature = new MessageSignature(signatureToken);

// Add User Token
UsernameToken userToken = new UsernameToken(config.Username, config.Password, PasswordOption.SendPlainText);


How can I do the exact same thing using WCF? I have been able to do almost exactly the same thing, but I haven’t been able to send the certificate unencrypted and sign only the message body, and haven’t found any configuration for that.

I can provide you with more information, if you need to.

Thank you very much.


Have you taken a look at this:

Yes, I did, but the example provided did not demonstrate how to achieve the same scenario that I have, just part of it. My main problem is that WCF always encrypt the certificate  (thus, not send  the BinarySecurityToken), or signs only the body.I have used part of this code  as well: Any help anyone? This is pretty advanced stuf

WCF does not allow the same customizations as WSE does. Please publish the soap envelope that WSE generates.