Hi,

I have spent hours to solve this problem to no avail.

I have created a custom security policy assertion for a web service as shown
in WSE 3.0 documentation. My complex project involves using two custom
security tokens and token managers to encrypt/sign SOAP messages. But at the
server, I get the error "Soap header Security was not understood" and the
ValidateMessageSecurity method is not called.

Things I did:

- I have WSE3-enabled both the service and the client using the WSE3
settings tool; The web.config service file contains the
"soapServiceProtocolFactory" element as needed.
- I have made sure the WSE3 sample certificates are installed ok. WSE3
samples work fine.
- I have visualized the SOAP message send by the client and it is perfectly
formed.

I have also created a simple solution containing a HelloWorld web service, a
simple console client and a library containing the custom security assertion
found in WSE3 documentation. That doesn't work either, I get similar errors
at the client now ( the service's ValidateMessageSecurity and SecureMessage
are called and all is ok, but now on the client when the SOAP response
arrives, the "ValidateMessageSecurity" method does not get called and the
error (ResponseProcessingException thrown)  is about the same as above.)

Does anyone has an idea about why it doesn't work ? I am using Visual Studio
2005 Professional and .NET Framework 2.0. I would appreciate answers
especially from people who worked with custom security assertions.

Merry Christmas ! :)

Catalin Stavaru