
I built a web service using WCF and decided to use message security (wsHttpBinding) with custom authentication (my own database) and an X.509 certificate. I want to know how a client calls a web service using a SOAP message in order to authenticate and use my service. I want to know what I have to add to the SOAP header section in order to call my service, because I have to call this web service from a non-WCF client.

Any help would be appreciated.

Regards

1 Answer


It depends on how you want to use the certificate. You can use message or transport security, where transport means HTTPS, which is highly interoperable, and message means WS-Security, where your clients usually need to use some special API (manually implementing WS-Security and related protocols is a huge task). So it mainly depends on the type of non-WCF client. There are many APIs for Java or C++ and some for PHP, but I'm not aware of any API providing WS-Security features for Android, iOS or Windows Mobile.

User name and password can also be transported either in the message or in transport headers. The former approach is usually achieved by the standardized UserName Token profile, which is only a set of predefined SOAP headers (WCF will do this for you). There is nothing special about these headers, so even non-WCF clients without a WS-Security API should be able to easily consume the service. The latter approach is usually achieved by Basic HTTP authentication, and together with HTTPS it can be the most interoperable solution (but there can be some challenges on the WCF side if you host the service in IIS and you don't want to use Windows accounts for authentication).

Ladislav Mrnka
  • Thanks for your quick answer. I used message security with username and password and an X.509 certificate, as I already mentioned in the question, but I am asking how to write, for example, a SOAP client calling the web service using an HTTP request in C#? – Apichart Thanomkiet Sep 12 '11 at 09:18
  • It will be really hard - you must correctly use XML encryption and XML signing (both have separate namespaces with supporting classes in .NET), you must correctly include tokens and format the SOAP envelope. You are going to reimplement a big part of WCF. – Ladislav Mrnka Sep 12 '11 at 10:23
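As an added example (not code from the question or the answer), this is what the UserName Token headers mentioned in the answer look like when a non-WCF C# client builds them by hand and posts them over HTTPS. It does not cover certificate-based message security, which needs the XML signing and encryption discussed in the comments. Assumptions: the service accepts the token over HTTPS (for wsHttpBinding, security mode `TransportWithMessageCredential` with `establishSecurityContext="false"`), and the endpoint URL, action, operation and credentials are hypothetical.

```csharp
using System;
using System.Globalization;
using System.Net.Http;
using System.Text;
using System.Threading.Tasks;
using System.Xml.Linq;

static class UsernameTokenClient
{
    static readonly XNamespace S = "http://www.w3.org/2003/05/soap-envelope"; // SOAP 1.2
    static readonly XNamespace A = "http://www.w3.org/2005/08/addressing";    // WS-Addressing 1.0
    static readonly XNamespace Wsse = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    static readonly XNamespace Wsu = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
    const string PasswordText = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";

    // Built with LINQ to XML so user-supplied credentials are escaped, never concatenated into markup.
    public static XDocument BuildEnvelope(Uri to, string action, string user, string password, XElement body)
    {
        DateTime now = DateTime.UtcNow;
        string Stamp(DateTime t) => t.ToString("yyyy-MM-dd'T'HH:mm:ss.fff'Z'", CultureInfo.InvariantCulture);
        var security = new XElement(Wsse + "Security",
            new XAttribute(XNamespace.Xmlns + "wsse", Wsse), new XAttribute(XNamespace.Xmlns + "wsu", Wsu),
            new XAttribute(S + "mustUnderstand", "1"),
            new XElement(Wsu + "Timestamp", // short validity window limits replay of a captured message
                new XElement(Wsu + "Created", Stamp(now)), new XElement(Wsu + "Expires", Stamp(now.AddMinutes(5)))),
            new XElement(Wsse + "UsernameToken",
                new XElement(Wsse + "Username", user),
                new XElement(Wsse + "Password", new XAttribute("Type", PasswordText), password)));
        return new XDocument(new XElement(S + "Envelope",
            new XAttribute(XNamespace.Xmlns + "s", S), new XAttribute(XNamespace.Xmlns + "a", A),
            new XElement(S + "Header",
                new XElement(A + "Action", new XAttribute(S + "mustUnderstand", "1"), action),
                new XElement(A + "MessageID", "urn:uuid:" + Guid.NewGuid()),
                new XElement(A + "To", new XAttribute(S + "mustUnderstand", "1"), to.AbsoluteUri),
                security),
            new XElement(S + "Body", body)));
    }

    // PasswordText is sent unencrypted inside the message, so refuse any transport other than HTTPS.
    public static Task<HttpResponseMessage> SendAsync(HttpClient http, Uri to, XDocument env) =>
        to.Scheme != Uri.UriSchemeHttps ? throw new InvalidOperationException("UsernameToken requires HTTPS")
        : http.PostAsync(to, new StringContent(env.ToString(SaveOptions.DisableFormatting), Encoding.UTF8, "application/soap+xml"));

    static void Main()
    {
        // Constructed sample values; the password contains XML metacharacters to show escaping.
        var to = new Uri("https://service.example/Service.svc");
        XNamespace op = "http://tempuri.org/";
        Console.WriteLine(BuildEnvelope(to, "http://tempuri.org/IService/GetData", "alice", "p<ss&word", new XElement(op + "GetData")));
    }
}
```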