Basically I need to setup my ASMX file so that when I pull it up in a browser to display the WebMethod specification the Soap Header conforms to this format:
<soap:Header>
<wsse:Security>
<wsse:UsernameToken wsu:Id='SecurityToken-securityToken'>
<wsse:Username>Username</wsse:Username>
<wsse:Password>Password</wsse:Password>
<wsu:Created>Timestamp</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</soap:Header>
Back-story: I’m integrating with a client application that is already built (and owned by another company). Basically this client application already has their soap messages all set up from its past integrations with other companies. So we’ve opted to just build a web service using an ASMX file that matches the WSDL that they’re already setup to consume.
Is it possible to get WS-Security working on an ASMX file or is ASMX too simplistic and I have to upgrade to WFC (which I really don’t want to do)?
You can implement a SOAP / WS-Security service using classic web services. Here’s a tutorial from MSDN.
All of this is easier in WCF though.
EDIT:
Pulled the wrong link. Here’s the one I meant to paste (CodeProject tutorial that uses WSE 2, though WSE 3 is the latest release and I have used that exclusively pre-WCF).