I have a simple web service (Hello world at this stage) being called from an
ASP.Net client using C#. Both Web Service and Client are installed on the
same development server - Win 2003 with IIS6

WSE 3.0 is applied to both and functions work at the base level.

I am trying to add the Username/Password security using the certificate
installed at server. The Public key of this certificate is installed on  the
client mechine.

The Web Service has been configured as described at
http://msdn2.microsoft.com/en-us/library/aa480575.aspx

Getting the following error while the client invoking the service:

WSE910: An error happened during the processing of a response message,
and you can find the error in the inner exception.  You can also find
the response message in the Response property.

Client is a console application

Following is the complete code [The realsite name is replaced with
TESTSITE.net for security].  Any help to resolve this issue is highly
appreciated:

web.config

<?xml version="1.0" encoding="utf-8"?>
<configuration>
 <configSections>
   <section name="microsoft.web.services3"
type="Microsoft.Web.Services3.Configuration.WebServicesConfiguration,
Microsoft.Web.Services3,
Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
 </configSections>
 <system.web>
   <webServices>
     <soapExtensionImporterTypes>
       <add
type="Microsoft.Web.Services3.Description.WseExtensionImporter,
Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral,
PublicKeyToken=31bf3856ad364e35" />
     </soapExtensionImporterTypes>
     <soapServerProtocolFactory
type="Microsoft.Web.Services3.WseProtocolFactory, Microsoft.Web.Services3,
Version=3.0.0.0, Culture=neutral,
PublicKeyToken=31bf3856ad364e35" />
   </webServices>
   <compilation defaultLanguage="c#">
     <assemblies>
       <add assembly="Microsoft.Web.Services3, Version=3.0.0.0,
Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
     </assemblies>
   </compilation>
 </system.web>
 <microsoft.web.services3>
   <policy fileName="wse3policyCache.config" />
   <security>
     <securityTokenManager>
       <add
type="Microsoft.Web.Services3.Security.Tokens.CustomUsernameTokenManager,
Microsoft.Web.Services3, Version=3.0.0.0,
Culture=neutral, PublicKeyToken=31bf3856ad364e35"

namespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
localName="UsernameToken" />
     </securityTokenManager>
   </security>
 </microsoft.web.services3>
</configuration>

UsernameTokenManager.cs in /app_Code

using System;
using System.Xml;
using System.Security.Permissions;
using System.Web.Security;
using System.Security.Principal;

using Microsoft.Web.Services3.Security;
using Microsoft.Web.Services3.Security.Tokens;

namespace Microsoft.Web.Services3.Security.Tokens
{
   [SecurityPermissionAttribute(SecurityAction.Demand, Flags =
SecurityPermissionFlag.UnmanagedCode)]
   /// <summary>
   /// Summary description for UsernameTokenManager
   /// </summary>
   public class CustomUsernameTokenManager : UsernameTokenManager
   {
       public CustomUsernameTokenManager()
       {
           //
           // TODO: Add constructor logic here
           //
       }
   
       public CustomUsernameTokenManager(XmlNodeList nodes)
        : base(nodes)
       {
       }
       protected override string AuthenticateToken(UsernameToken
token)
       {
           return "Password";

       }
   }
}

MTOMService.cs

using System;
using System.Web;
using System.Web.Services;
using System.Web.Services.Protocols;
using Microsoft.Web.Services3;
using Microsoft.Web.Services3.Design;

[WebService(Namespace = "http://TESTSITE.net/")]
[WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)]
[Policy("MTOMClient")]
public class MTOMService : System.Web.Services.WebService
{
   public MTOMService () {

       //Uncomment the following line if using designed components
       //InitializeComponent();
   }

   [WebMethod]
   public string HelloWorld() {
       return "Hello World";
   }
   
}

wse3policyCache.config

<policies xmlns="http://schemas.microsoft.com/wse/2005/06/policy">
 <extensions>
   <extension name="usernameForCertificateSecurity"
type="Microsoft.Web.Services3.Design.UsernameForCertificateAssertion,
Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral,
PublicKeyToken=31bf3856ad364e35" />
   <extension name="x509"
type="Microsoft.Web.Services3.Design.X509TokenProvider,
Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral,
PublicKeyToken=31bf3856ad364e35" />
   <extension name="requireActionHeader"
type="Microsoft.Web.Services3.Design.RequireActionHeaderAssertion,
Microsoft.Web.Services3,
Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
 </extensions>
 <policy name="MTOMClient">
   <usernameForCertificateSecurity establishSecurityContext="false"
renewExpiredSecurityContext="true" requireSignatureConfirmation="false"
messageProtectionOrder="SignBeforeEncrypt" requireDerivedKeys="true"
ttlInSeconds="300">
     <serviceToken>
       <x509 storeLocation="LocalMachine" storeName="My"
findValue="CN=www.TESTSITE.net, OU=Secure, O=D2D, L=Springfield,
S=Illinois, C=US"
findType="FindBySubjectDistinguishedName" />
     </serviceToken>
     <protection>
       <request signatureOptions="IncludeAddressing, IncludeTimestamp,
IncludeSoapBody" encryptBody="true" />
       <response signatureOptions="IncludeAddressing,
IncludeTimestamp, IncludeSoapBody" encryptBody="true" />
       <fault signatureOptions="IncludeAddressing, IncludeTimestamp,
IncludeSoapBody" encryptBody="false" />
     </protection>
   </usernameForCertificateSecurity>
   <requireActionHeader />
 </policy>
</policies>

Client

app.config

<?xml version="1.0" encoding="utf-8"?>
<configuration>
 <configSections>
   <section name="microsoft.web.services3"
type="Microsoft.Web.Services3.Configuration.WebServicesConfiguration,
Microsoft.Web.Services3,
Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
   <sectionGroup name="applicationSettings"
type="System.Configuration.ApplicationSettingsGroup, System,
Version=2.0.0.0, Culture=neutral,
PublicKeyToken=b77a5c561934e089" >
     <section name="MClient.Properties.Settings"
type="System.Configuration.ClientSettingsSection, System, Version=2.0.0.0,
Culture=neutral,
PublicKeyToken=b77a5c561934e089" requirePermission="false" />
   </sectionGroup>
 </configSections>
 <microsoft.web.services3>
   <policy fileName="wse3policyCache.config" />
 </microsoft.web.services3>
 <applicationSettings>
   <MClient.Properties.Settings>
     <setting name="MClient_MTOMService_MTOMService"
serializeAs="String">
     
 
<value>http://www.TESTSITE.net/webservices/mtomservice/mtomservice.asmx</value>
     </setting>
   </MClient.Properties.Settings>
 </applicationSettings>
</configuration>

programs.cs

using System;
using System.Collections.Generic;
using System.Text;
using Microsoft.Web.Services3;
using Microsoft.Web.Services3.Configuration;
using Microsoft.Web.Services3.Collections;
using Microsoft.Web.Services3.Security.Tokens;
using MClient.MTOMService;

namespace MClient
{
   class Program
   {
       static void Main(string[] args)
       {
           string username = "mike";
           string password = "123";

           UsernameToken token = new UsernameToken(username, password,
PasswordOption.SendPlainText);
           MTOMServiceWse Service = new MTOMServiceWse();
           Service.SetClientCredential(token);

           Service.SetPolicy("MTOMClient");

           Service.HelloWorld();
           
           
           
           
           
       }
   }
}

wse3policyCache.config

<policies xmlns="http://schemas.microsoft.com/wse/2005/06/policy">
 <extensions>
   <extension name="usernameForCertificateSecurity"
type="Microsoft.Web.Services3.Design.UsernameForCertificateAssertion,
Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral,
PublicKeyToken=31bf3856ad364e35" />
   <extension name="x509"
type="Microsoft.Web.Services3.Design.X509TokenProvider,
Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral,
PublicKeyToken=31bf3856ad364e35" />
   <extension name="requireActionHeader"
type="Microsoft.Web.Services3.Design.RequireActionHeaderAssertion,
Microsoft.Web.Services3,
Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
 </extensions>
 <policy name="MTOMClient">
   <usernameForCertificateSecurity establishSecurityContext="false"
renewExpiredSecurityContext="true" requireSignatureConfirmation="false"
messageProtectionOrder="SignBeforeEncrypt" requireDerivedKeys="true"
ttlInSeconds="300">
     <serviceToken>
       <x509 storeLocation="LocalMachine" storeName="My"
findValue="CN=www.TESTSITE.net, OU=Secure, O=D2D, L=Springfield,
S=Illinois, C=US"
findType="FindBySubjectDistinguishedName" />
     </serviceToken>
     <protection>
       <request signatureOptions="IncludeAddressing, IncludeTimestamp,
IncludeSoapBody" encryptBody="true" />
       <response signatureOptions="IncludeAddressing,
IncludeTimestamp, IncludeSoapBody" encryptBody="true" />
       <fault signatureOptions="IncludeAddressing, IncludeTimestamp,
IncludeSoapBody" encryptBody="false" />
     </protection>
   </usernameForCertificateSecurity>
   <requireActionHeader />
 </policy>
</policies>