How to modify a WCF message header's MustUnderstand using ClientInspector

Question

I am calling a non-WCF service from a WCF client. The WCF client includes the \"MustUnderstand\" header attribute set to \"1\". Here\'s a typical SOAP request:

&         


        

Answer 1

I wonder why standards for interoperability exists if vendors do not follow them. If client inspector doesn't work you can try to implement custom message encoder and modify header there.

Edit:

The question here is why do you send user credentials for authentication if you in the same time declaring that service doesn't have to understand the header with credentials = doesn't have to use them. Do you really need them?

There are other approaches dependent on your requirements. Do you need timestamp? Is the timestamp checked on the server? Do you have single user for all calls or do you have to differ users between calls?

If you don't need timestamp or timestamp is not checked and you have only single user name and password the easiest way is not to use TranportWithMessageCredential security mode. Use pure Transport instead and place header description inside client endpoint configuration like:

<client>
   <endpoint address="https://removed" binding="basicHttpBinding" bindingConfiguration="WebServiceSOPA" contract="EWebService.EWebService" name="WebServiceSOAP">
    <headers>
     <wsse:Security s:mustUnderstand="0" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
      <wsse:UsernameToken wsu:Id="SecurityToken-3f7f983f-66ce-480d-bce6-170632d33f92" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
       <wsse:Username>User</wsse:Username>
       <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">Pwd123</wsse:Password>
      </wsse:UsernameToken>
     </wsse:Security>
    </headers>
   </endpoint>
  </client>

If you have several user names or if you need real timestamp with actual data you can use same approach but instead of static configuration you can create custom header in code and avoid WCF security. This can be done using message inspector.