I read the posting from 4/24/2006, but the referenced article indicates how
to ADD these items, not remove. The article examples are also in C# which my
client uses VB.Net 2005 and the examples do not correlate easily.

For reference, I am sending ID/password over UsernameOverTransport to a

Hi John,

For removing "Nonce" and "Timestamp" header element in WSE message, there
is former thread in WSE newsgroup discussing on this:

#Removing timestamp in WSE 3.0 Options
http://groups.google.com/group/microsoft.public.dotnet.framework.webservices
.enhancements/browse_thread/thread/c005be85efe32a41/53f6c96429c74b48

So far no existing configuration will do this and you'll have to implement
custom filter to manually modify the underlying soap message. Also, as
mentioned in the above thread, those headers you want to modify should not
be encrypted or signed, otherwise, it will cause exception when the
receiver side try validating them.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


This posting is provided "AS IS" with no warranties, and confers no rights.


--------------------
From: =?Utf-8?B?QmlnSm9obg==?= <bigjohn@newsgroup.nospam>
References: <6F96A29B-011D-4CC6-85E4-CA2FDCF1ABCA@microsoft.com>
Subject: RE: Removing Nonce and Timestamp in WSE 3.0
Date: Thu, 29 Nov 2007 12:10:03 -0800


For reference, I am sending ID/password over UsernameOverTransport to a

I read through the suggestion and found a much less confusing method of
handling this issue. Since I am using UsernameOverTransport, I don't need
X509 certificate stores, encryption or any other strategies.

Step 1 - Switch from VB to C# because the solution does not function in VB
for some unknown reason. The XMLElement is protected in VB but not C#.
Step 2 - Remove WSE 3.0.
Step 3 - Add the security header to the WebLogic Java service as follows:



UpdSvc.svcService svcWork = new UpdSvc.svcService();
//UpdSvc is added through Add Web Reference

// Handle Security setup
svcWork.Security = new UpdSvc.SecurityHeaderType(); //defined in the service
svcWork.Security.MustUnderstand = true; //defined in service
svcWork.Security.Any = new System.Xml.XmlElement[1];

XmlDocument doc = new XmlDocument();
doc.LoadXml("<wsse:UsernameToken
xmlns:wsse=\'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\'> " +
"<wsse:Username>myID</wsse:Username>" +
"<wsse:Password
Type=\'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText\'>myPassword</wsse:Password>" +
"</wsse:UsernameToken>");

svcWork.Security.Any[0] = doc.DocumentElement;

Thank you John for the followup and share the result with us.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


This posting is provided "AS IS" with no warranties, and confers no rights.


--------------------

From: =?Utf-8?B?QmlnSm9obg==?= <bigjohn@newsgroup.nospam>
References: <6F96A29B-011D-4CC6-85E4-CA2FDCF1ABCA@microsoft.com>
<1037F76C-D042-41BB-A41D-268EFFE19F52@microsoft.com>
<ESdR1KwMIHA.4200@TK2MSFTNGHUB02.phx.gbl>
Subject: RE: Removing Nonce and Timestamp in WSE 3.0
Date: Tue, 4 Dec 2007 06:44:03 -0800

I read through the suggestion and found a much less confusing method of
handling this issue. Since I am using UsernameOverTransport, I don't need
X509 certificate stores, encryption or any other strategies.

Step 1 - Switch from VB to C# because the solution does not function in VB
for some unknown reason. The XMLElement is protected in VB but not C#.
Step 2 - Remove WSE 3.0.
Step 3 - Add the security header to the WebLogic Java service as follows:



UpdSvc.svcService svcWork = new UpdSvc.svcService();
//UpdSvc is added through Add Web Reference

// Handle Security setup
svcWork.Security = new UpdSvc.SecurityHeaderType(); //defined in the service
svcWork.Security.MustUnderstand = true; //defined in service
svcWork.Security.Any = new System.Xml.XmlElement[1];

XmlDocument doc = new XmlDocument();
doc.LoadXml("<wsse:UsernameToken
xmlns:wsse=\'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecur
ity-secext-1.0.xsd\'> " +
"<wsse:Username>myID</wsse:Username>" +
"<wsse:Password
Type=\'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-toke
n-profile-1.0#PasswordText\'>myPassword</wsse:Password>" +
"</wsse:UsernameToken>");