.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
david stephan
Gaurav Pal
Post New Web Links

WSE 3.0 - Security , How do you set the mustUnderstand="0"?

Posted By:      Posted Date: August 28, 2010    Points: 0   Category :.NET Framework
Hi,I have some client code that uses wse 3.0.  The XML generated  <wsse:Security soap:mustUnderstand="1">     <wsu:Timestamp wsu:Id="Timestamp-e5dc384a-9e79-46e7-9e4d-0caf339bd7a6">       <wsu:Created>2008-09-29T20:31:18Z</wsu:Created>       <wsu:Expires>2008-09-29T20:36:18Z</wsu:Expires>     </wsu:Timestamp>     <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="SecurityToken-f3807851-2042-442c-be07-99e36bdc337d">         <wsse:Username>andrew</wsse:Username>         <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">andrew</wsse:Password>         <wsse:Nonce>szwJdqOs2RsUGP32KT49+A==</wsse:Nonce>         <wsu:Created>2008-09-29T20:31:18Z</wsu:Created>     </wsse:UsernameToken> </wsse:Security>How do you change the header so that it reads soap:mustUnderstand="0" ?I read you have to implement a soap filter and manually change the attribute, is this true?  Is there an easier way?Thanks in Advance,Andrew

View Complete Post

More Related Resource Links

Secure It: WS-Security and Remoting Channel Sinks Give Message-Level Security to Your SOAP Packets


As more organizations adopt XML-based Web Services, the need for message-level security has become evident. WS-Security, now supported in the Microsoft .NET Framework, addresses this need. Using the WS-Security framework, developers can implement channel sinks to intercept Remoting messages as they pass through the .NET Remoting infrastructure. The sink can read the message, change it, and pass it along. During this process, the message can be signed for added security. This article explains how to implement a Remoting channel sink that will modify the Remoting message by including a UserName token in the header, then sign the body using the token.

Neeraj Srivastava

MSDN Magazine November 2003

SOAP Security Header: EncryptedData



I am configuring WCF to talk to non-.NET SOAP Framework.

The SOAP message will be encrypted with public-key, with Timestamp and UsernameToken in the Security Header.

I am starting off with CreateAnonymousForCertificateBindingElement(), and adding UserNameSecurityTokenParameters() to EndpointSupportingTokenParameters.Signed collection.

Difficulty is: In the SOAP Security Header I get ONE EncryptedData element that is giving the 3rd party service trouble... If I use a tool to submit altered SOAP Envelope without EncryptedData element (which seems to be not needed) the 3rd party service takes the request successfuly.

1) What may be generating this EncryptedData element?
2) How could EncryptedData be turned off OR removed from the Security Header?


Thank you


How to control SOAP address header and/or "mustUnderstand"-attribute in WCF client

Hello all,

using the following configuration, I'm trying to build a WCF-client for a non-WCF service that requires a SecurityContextToken for authentication.

<?xml version="1.0" encoding="utf-8"?>


        <binding name="TicketServiceBinding">



Soap Response mising Signature Security element + BasicHttp Binding


Hi All,

I am facing one issue with WCF service.

Issue : Response message not contains Signature Value.

if i use

TransportWithMessageCredential , the response message not contains Signature Value.But if i use only

security mode="Message" this time Response contains signature element.Why it is missing in TransportWithMessageCredential?

My configuration settings are :

Https+Messagelevel Security

Binding :TransportWithMessageCredential

    <binding name="basicHttpEndpointBinding">
     <security mode="TransportWithMessageCredential" >
      <message clientCredentialType="Certificate" />
      <transport clientCredentialType="Certificate" proxyCredentialType ="None" realm =&qu

SOAP Security negotiation with "http://.." failed


I have WCF end-point service hosted by Windows Service and configured as:


<service name="SmartLabs.WcfCallbackServiceLib.NotifyService">

        <endpoint address

Modify SOAP header Mustunderstand attribute in WCF client

 I am writing a WCF client for a service (not WCF). Getting an error that Unprocessed 'mustUnderstand' header element: {http://www.w3.org/2005/08/addressing}Action, because request SOAP contains header with mustunderstand='true'. I have to either set it false or remove the whole header. can you show the way to do that?

How can add, modify, delete security elements in SOAP header. Catch localhost comunication.


Hi. I have a problem with configuring security in bindings for SOAP message security (WS-Security). When I use wsHttpBinding in configuration file without any modification of binding and service behaviour and i use [ServiceContract(ProtectionLevel = ProtectionLevel.None)] for my service the result soap request from wcf test client utility is:


<s:Envelope xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:s="http://www.w3.org/2003/05/soap-envelope">

Trouble with client's SOAP security header


Out client has a web service I need to call to get some order details.  It's a SOAP service and I'm calling it over SSL.  The message has to include a username/password as well as a SSL certificate.  I have the SSL cert on my system and I sent them a copy of the public key to install on their web server.

I was unable to get it working in 2008 with WCF so I am now trying WSE in 2005.  I'm now generating a username and password but I cannot get my SSL cert included in the header.  When I try to add the cert through the WSE 3.0 setting I get an error saying the cert can't be used for encryption.  This is fine because the cert is only supposed to be used for identification. 

Here is an example SOAP header the client sent me:

    <wsa:Action wsu:Id="Id-d02f4053-1c85-41ad-a7a8-dbf6be15ddca">http://www.test.com/Order</wsa:Action>
    <wsa:MessageID wsu:Id="Id-3aadc603-4235-4ca3-a09e-6ff39b65ad8a">uuid:3024666c-d0f2-48a3-b9a7-ab10eaaeee63</wsa:MessageID>
    <wsa:ReplyTo wsu:Id="Id-b4508af4-5e71-42cf-a249-890b89e1334">

SECU1075: An error was discovered processing the header


I have designed a console application as a web service client which is able to talk with webservice; however instead of using a console application, I've written a DLL that is called from a Winform app and  I am getting following error message.

Error message System.Web.Services.Protocols.SoapException: SECU1075: An error was discovered processing the <wsse:Security> header

   at System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)   at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)


how to create wsse:Security header programatically from code



I want to create the following wsse:Security header from C# code:

<wsse:Security s:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
  <wsu:Timestamp wsu:Id="Timestamp-02be6222-d34d-4c19-bb35-f4e98cc18534" xmlns:wsu="
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss- wssecurity-utility-1.0.xsd">
  <wsse:UsernameToken wsu:Id="SecurityToken-3f7f983f-66ce-480d-bce6-170632d33f92" xmlns:wsu="

How do I create a CustomBinding for wsse:Security Header with UsernameToken without security?


Hello i'm pretty new to WebServices and i'm trying to connect my WCF-client to a JBoss-WebService with SOAP12.

My request message has to look as following: (yes there is no security at all)


<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"> 
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soap:mustUnderstand="1"> 
<wsse:UsernameToken xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" 
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="UsernameToken-1">
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">boo</wsse:Password>
<ns2:getNames() xmlns:ns2="http://localhost/myJBossWS" />
This is my CustomBinding, but it has no SecurityBindingElement, because nothing suits to me, they all require either ssl or a certificate.
Please help me to build a right binding to

SharePoint Tutorial - Security

Security in SharePoint is comprised of users, groups and roles.

Users, Groups and Roles

A user account comes from the authentication system. For example, if Active Directory is used to authenticate then the user accounts will come from it.

There are two types of groups SharePoint uses: domain groups and SharePoint groups.

Asp.net web site security database


Hello all, I'm new to asp.net and I'm currently practising some few stuffs. I'm creating a hotel reservation system using ASP.net Web site in visual studio 2008 and I currently don't have an App_Data in my solution explorer unlike visual web developer.

1. I have planned to make users of the website login before making their reservations.

2. I have also planned to develop the website such that I will be able to know all reservations made by each user.

First and formost, I will like to know how I can access/View the security database?

Secondly, how do I link my custom made reservation database and the security database in order to achieve my second plan above.?

Someone help me.

Thank you.



hello i have the following problem

i have upload my content to hosting server but i get the following error

Security Exception

Description: The application attempted to perform an operation not allowed by the security policy.  To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.

Exception Details: System.Security.SecurityException: Request for the permission of type 'System.Web.AspNetHostingPermission, System, Version=, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.

Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[SecurityException: Request for the permission of typ

System.Security.SecurityException: Request for the permission of type 'System.Web.AspNetHostingPerm


Good Day all,

Having an issue with an outside user accessing my IIS7 box. I do not have this problem when running the website from my host machine. I found this post: Http://forums.asp.net/t/1371394.aspx. I assure you that this is not a solution because I am not storing any of my files on a network share. 

What do you think my approach should be. 

I already have read rights to IIS user to my BIN folder. 

Thanks for the help. 

XBAP Security


We have a small XBAP file upload app that we are having trouble deploying. We were getting security errors when we were pushing this application that we don't get when running in our development environments on our machines. We gave the XBAP app full permissions and still got errors. Then we created a personal certificate and were able to get this to work. But that means we have to load a client side certificate for each and every machine that wants to run this which is ridiculous. Does anyone have a solution for this?

ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend