I am trying to consume a webservice which requires an x509 signature. When
I make the call, I get an authentication error - and the only thing the
service provider can tell me is there is a problem with the signature. The
provider has also provided me with a soap trace of a message which passes
authentication.
I am using C#, VS.2003, WSE1.
Would anybody with digital signature experience be able to tell me why my
soap message fails authentication, whilst the sample given below does not?
==============================
My soap message, generated from VS.NET:
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<soap:Header>
<Operation d3p1:Id="MsgOperation"
xmlns:d3p1="http://schemas.xmlsoap.org/ws/2002/07/utility"
xmlns="http://www.ros.ie/schemas/service/">Inbox/List</Operation>
<wsse:Security
xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/07/secext">
<wsse:BinarySecurityToken ValueType="wsse:X509v3"
EncodingType="wsse:Base64Binary"
xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility"
wsu:Id="SecurityToken-5a90b745-80a3-4381-a09c-016421583e36">MIICOTCCAaagAwIB[...]</wsse:BinarySecurityToken>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<Reference URI="#MsgOperation">
<DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>n0USgkcO+ar4VzXqcSRuK4Xvc6Y=</DigestValue>
</Reference>
<Reference URI="#Id-cd698289-105b-4d97-baaf-1a67a444618c">
<Transforms>
<Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</Transforms>
<DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>Rka/vUr1rildbS/ucJ4jw7vAbGc=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>fDVvewPAjdkBvL7/Cd7VFGTEG0pkHPyxhXAJg0qjH15PAia7niOUnEpYtUeg
76ZWuC1seYr7gJbntkZFerAKVDnISlMt+0wjTikWITxZf4755w9gSyva96P3AlYq2q/GCTHtnhU7
CJ9cvNCluCILGJ6ZMn7IqEZTw3jgAmvXBbs=</SignatureValue>
<KeyInfo>
<wsse:SecurityTokenReference>
<wsse:Reference
URI="#SecurityToken-5a90b745-80a3-4381-a09c-016421583e36" />
</wsse:SecurityTokenReference>
</KeyInfo>
</Signature>
</wsse:Security>
</soap:Header>
<soap:Body wsu:Id="Id-cd698289-105b-4d97-baaf-1a67a444618c"
xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility">
<DocumentSearch xmlns="http://www.ros.ie/schemas/inbox/" />
</soap:Body>
</soap:Envelope>
======================================================
The message which passes validation:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Header>
<ns1:Operation Id="MsgOperation" soapenv:mustUnderstand="0"
xmlns:ns1="http://www.ros.ie/schemas/service/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">
Inbox/List </ns1:Operation>
<wsse:Security xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/07/secext">
<wsse:BinarySecurityToken EncodingType="wsse:Base64Binary"
Id="X509Token"
ValueType="wsse:X509v3">[...]</wsse:BinarySecurityToken>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#MsgBody">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>
aESo8BofYoqO2DVmzGgfChkMCdU= </ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#MsgOperation">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>
of1msZ2bBlQS1MHJC6dtjB9x7BQ= </ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
M/G/wN9gK96H4zJm/cIgPQWxU2SEhsCXKbrocuVT6OS19yORM4blwUbJnXDIvAgk
RbRJKca1KO2Ik9PdFvD3IbQu+bmrgY3UTYPho+mhe9Wlj8mXoOf985JR7pn1BvJn
GW0ih/I6qGECu+jyB+YZxMgci6To6+VBVQq/lROubGQ=
</ds:SignatureValue>
<ds:KeyInfo>
<wsse:SecurityTokenReference>
<wsse:Reference URI="#X509Token"/>
</wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature>
</wsse:Security>
</soapenv:Header>
<soapenv:Body Id="MsgBody">
<DocumentSearch xmlns="http://www.ros.ie/schemas/inbox/"/>
</soapenv:Body>
</soapenv:Envelope>
Thanks,
Stewart Bourke
The most common reason for authentication failures is that your original
signed message was tampered with.
Even if you add a simple white space, the signature will be broken. Please
check whether any filter touches the signed message.
thanks
Byron KIM
> I am trying to consume a webservice which requires an x509 signature. When
> I make the call, I get an authentication error - and the only thing the
[quoted text clipped - 22 lines]
> EncodingType="wsse:Base64Binary"
> xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility"
> wsu:Id="SecurityToken-5a90b745-80a3-4381-a09c-016421583e36">MIICOTCCAaagAwIB[...]</wsse:BinarySecurityToken>
> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
[quoted text clipped - 18 lines]
> </Reference>
> </SignedInfo>
> <SignatureValue>fDVvewPAjdkBvL7/Cd7VFGTEG0pkHPyxhXAJg0qjH15PAia7niOUnEpYtUeg
> 76ZWuC1seYr7gJbntkZFerAKVDnISlMt+0wjTikWITxZf4755w9gSyva96P3AlYq2q/GCTHtnhU7
> CJ9cvNCluCILGJ6ZMn7IqEZTw3jgAmvXBbs=</SignatureValue>
> <KeyInfo>
[quoted text clipped - 27 lines]
>
> <wsse:Security
> xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/07/secext">
> <wsse:BinarySecurityToken EncodingType="wsse:Base64Binary"
> Id="X509Token"
[quoted text clipped - 92 lines]
>
> Stewart Bourke
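
Added example, not part of either post: a small Python check that lists, for each `Reference` in a signed SOAP message, which kind of `Id` attribute the signed element carries and which transforms are declared, so a rejected trace can be compared with an accepted one. The two envelopes are constructed and trimmed to the shapes of the traces in the question (token, digests and signature value omitted); `envelope`, `profile` and `differences` are hypothetical helper names.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
WSU = "http://schemas.xmlsoap.org/ws/2002/07/utility"
ENV = "http://schemas.xmlsoap.org/soap/envelope/"
EXC = "http://www.w3.org/2001/10/xml-exc-c14n#"

def envelope(op_attr, body_attr, refs):
    """Constructed, trimmed envelope: token, digests and signature value are omitted."""
    ref_xml = "".join(
        '<ds:Reference URI="#%s">%s</ds:Reference>' % (
            rid,
            '<ds:Transforms><ds:Transform Algorithm="%s"/></ds:Transforms>' % EXC if tx else "")
        for rid, tx in refs)
    return ('<s:Envelope xmlns:s="%s" xmlns:ds="%s" xmlns:wsu="%s"><s:Header>'
            '<Operation %s xmlns="http://www.ros.ie/schemas/service/">Inbox/List</Operation>'
            '<ds:Signature><ds:SignedInfo>%s</ds:SignedInfo></ds:Signature></s:Header>'
            '<s:Body %s/></s:Envelope>') % (ENV, DS, WSU, op_attr, ref_xml, body_attr)

BODY_ID = "Id-cd698289-105b-4d97-baaf-1a67a444618c"
# Shape of the rejected trace: ids in the utility namespace, no transform on #MsgOperation.
REJECTED = envelope('wsu:Id="MsgOperation"', 'wsu:Id="%s"' % BODY_ID,
                    [("MsgOperation", False), (BODY_ID, True)])
# Shape of the accepted trace: plain Id attributes, exc-c14n transform on both references.
ACCEPTED = envelope('Id="MsgOperation"', 'Id="MsgBody"',
                    [("MsgBody", True), ("MsgOperation", True)])

def profile(xml_text):
    """Map each signed element's local name to (Id attribute kind, transform list)."""
    root = ET.fromstring(xml_text)
    out = {}
    for ref in root.iter("{%s}Reference" % DS):
        target = ref.get("URI").lstrip("#")
        transforms = [t.get("Algorithm") for t in ref.iter("{%s}Transform" % DS)]
        for el in root.iter():
            if el.get("Id") == target:
                out[el.tag.split("}")[-1]] = ("Id", transforms)
            elif el.get("{%s}Id" % WSU) == target:
                out[el.tag.split("}")[-1]] = ("wsu:Id", transforms)
    return out

def differences(a, b):
    """Signed parts whose Id kind or transforms differ between two profiles."""
    return {k: (a.get(k), b.get(k)) for k in sorted(set(a) | set(b)) if a.get(k) != b.get(k)}

if __name__ == "__main__":
    for part, (mine, theirs) in differences(profile(REJECTED), profile(ACCEPTED)).items():
        print(part, "rejected:", mine, "accepted:", theirs)
```

The report only shows where the signed structure of the two messages differs; it does not recompute digests or verify the signature.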