We currently have a user wanting to consume one of our web services which was created using Workflow, however I am stuck in figuring out how to get authentication working for them. We have had no problems adding authentication around our web services using basic HTTP authentication mechanisms provided by IIS (Basic, Digest, Windows, etc.), however this consumer does not have the ability to use HTTP authentication (or send any HTTP headers at all). They have a way to send a UsernameToken via a SOAP security header, however I'm not entirely sure if its possible for a workflow to authenticate via this mechanism. Has anyone else had experience in getting workflow to authenticate in this way, or has support for SOAP based security even been implemented? Thanks in advance!
Just as a bit of background here is a sample UsernameToken SOAP request we would hope to be able to send to our web service:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:tran="www.transparentlogic.com">
<soapenv:Header>
<wsse:Security soapenv:mustUnderstand="0" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken>
<wsse:Username>USERNAME</wsse:Username>
<wsse:Password Type="PasswordText">PASSWORD</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
<soapenv:Body>
<tran:ExecuteIPReclaim>
<tran:TaskNumber>TEST</tran:TaskNumber>
<tran:CRNumber>TEST</tran:CRNumber>
</tran:ExecuteIPReclaim>
</soapenv:Body>
</soapenv:Envelope>