WCF Service with WS-Security requires Signed Timestamp only

Question

I need to provide a service to a third-party that will be sending soap messages with a signed Timestamp.

How can I configure my service to support this?

Answer 1

WCF does not natively allow to sign the timestamp but not the username. First I'm pretty sure this is not related to the problem you are facing - a server should be able to handle both cases. If you do need it then I suggest to not use username at all in the security (e.g. security mode of "anonymousForCertificate") and then implement a custom message encoder to manually push the username/password tags into the header in the right place (take care not to change any signed part in the message, mainly the timestamp).