Fellas,

I have some sort of a SOAP Routing problem that has been bugging me for the
last couple of days and would like to gather some inputs and advice.

I am using ExtendedSecurity of SoapContext to route a message meant for Bob
through n intermediaries. When I have 2 securityHeaders into the SoapHeaders
(with ExtendedSecurity) such as

<wsse:Security soap:mustUnderstand="1">
<wsu:Timestamp
wsu:Id="Timestamp-65a389e8-af2d-4956-bb53-3570adf809bd"><wsu:Created>2004-11
-16T08:44:40Z</wsu:Created><wsu:Expires>2004-11-16T08:49:40Z</wsu:Expires></
wsu:Timestamp>
<wsse:UsernameToken
wsu:Id="SecurityToken-f165fe18-d365-4026-9563-1dbd295677df">
<wsse:Username>User1</wsse:Username>
<wsse:Password
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token
-profile-1.0#PasswordDigest">ARF32nI4S2VZ2GjqINGIwD4J8k4=</wsse:Password>
<wsse:Nonce>4lo7YfLLaapdhEmtJR0ATQ==</wsse:Nonce>
<wsu:Created>2004-11-16T08:44:40Z</wsu:Created></wsse:UsernameToken><xenc:Re
ferenceList
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"><xenc:DataReference
URI="#EncryptedContent-9e877cd6-a2f1-4492-961a-a28d07741330"
/></xenc:ReferenceList>
</wsse:Security>

_AND_

<wsse:Security
soap:actor="http://localhost/dotnetproj/wseencrypttwice/Router/RouteMe.ashx"
soap:mustUnderstand="1">
<wsu:Timestamp
wsu:Id="Timestamp-b4880b65-4d1e-4f28-9bdb-5a855d6cd734"><wsu:Created>2004-11
-16T08:44:40Z</wsu:Created><wsu:Expires>2004-11-16T08:49:40Z</wsu:Expires></
wsu:Timestamp>
<wsse:UsernameToken
wsu:Id="SecurityToken-77d39d84-f2ef-4737-8391-a766122a8bec">
<wsse:Username>User2</wsse:Username>
<wsse:Password
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token
-profile-1.0#PasswordDigest">50BlRNlB2xkSG3xSGevEYUCXdNE=</wsse:Password>
<wsse:Nonce>R1fU2QcG9AJmQ0Z1AKf+tw==</wsse:Nonce>
<wsu:Created>2004-11-16T08:44:40Z</wsu:Created></wsse:UsernameToken><xenc:Re
ferenceList
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"><xenc:DataReference
URI="#EncryptedContent-3f7b2b83-b14f-4147-bbed-b273956fcff5"
/></xenc:ReferenceList>
</wsse:Security>

The First securityHeader is meant for the final SOAP Destination while the
seccond is meant for the consumption of the SOAP Intermediary, which in my
case, is a SOAPHttpRouter (see SOAPActors in the message)

This works fine when I sent this message from a ServiceConsumer by setting
its URL to the router address such as
Dim a as new localhost.SomeService
a.URL = ="http://localhost/dotnetproj/wseencrypttwice/Router/RouteMe.ashx"
MessageBox.show a.HelloWorld

By the time, the SOAP Message hits the final endpoint, there is only one
securityHeader left to be processed by the SOAP Endpoint. The intermediate
SOAP Router has processed the first layer of encryption and removed the
concerned appropriate securityHeader. This is all GOOD !

However, the problem crops up when I include another intermediary or a
Router into the mix, so now there are 2 Routers before the message hits the
SOAP endpoint. In this case, there are 3 securityHeaders, 2 with different
actors corresponding to different intermediate routers and one with no
soapActor which is meant for the final SOAP Destination.

In my first SOAPHttpRouter, I have a ProcessRequestMessage method that
returns a URI which is the URL of the next intermediate SOAPHttpRouter. It
goes like this:

Protected Overrides Function ProcessRequestMessage(ByVal message As
SoapEnvelope) As Uri
   Return New
Uri("http://localhost/dotnetproj/wseencrypttwice/router2/routeme.ashx")
 End Function 'ProcessRequestMessage

An error exception is thrown when the entire process is run

WSE526: The <EncryptedData> element referenced by the <ReferenceList> in the
Security header could not be found. at
Microsoft.Web.Services2.Security.Security.LoadXml

From the trace run, it is obvious that the 2nd intermediate SOAP Router did
NOT process the message and instead just sent the message over to the SOAP
destination Endpoint. The code at the SOAP Endpoint will not know how to
decrypt the message that was using credentials meant for the 2nd SOAP Router
.

In other words, when the SOAP Message hits the final endpoint, there are
STILL 2 securityHeaders left to be processed by the SOAP Endpoint. The 1st
intermediate SOAP Router has processed the first layer of encryption and
removed the concerned appropriate securityHeader BUT the 2nd intermediate
SOAP Router did NOT process the message and THUS did NOT remove its own
securityHeader.

Am I doing something wrong or missing something here ? How do I send the
message from the first SOAPHttpRouter to the next SOAPHttpRouter so that the
message can be processed properly ?

Thanks for any advice.