WSE 3.0 Hell: “SOAP header security was not understood.”

It’s been an interesting couple of days with WSE 3.0.  I continually got the error message:

System.Web.Services.Protocols.SoapHeaderException: SOAP header Security was not understood.
   at System.Web.Services.Protocols.SoapHeaderHandling.SetHeaderMembers(SoapHeaderCollection headers, Object target, SoapHeaderMapping[] mappings, SoapHeaderDirection direction, Boolean client)
  at System.Web.Services.Protocols.SoapServerProtocol.CreateServerInstance()
   at System.Web.Services.Protocols.WebServiceHandler.Invoke()
   at System.Web.Services.Protocols.WebServiceHandler.CoreProcessRequest()" string

when trying to use a username and password in a SOAP username token.  For some reason, the WSE 3.0 configuration manager did not accurately change the web.config file to reflect the soapServerProtocolFactory for WSE 3.0.  I added the following in the configuration/webServices of the web.config file: 

  <add type="Microsoft.Web.Services3.Description.WseExtensionImporter, Microsoft.Web.Services3, Version=, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
<soapServerProtocolFactory type="Microsoft.Web.Services3.WseProtocolFactory, Microsoft.Web.Services3, Version=, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />

and it worked perfectly.  It looks like the WSE 3.0 configuration tool was adding this to the app.config file instead of the web.config file (and it never adds the soapServerProtocolFactory element to the app.config anyway).


15 thoughts on “WSE 3.0 Hell: “SOAP header security was not understood.”

  1. Thank you for the posting. I had the same issue for couple of days. After reading your posting, I got it resloved.

  2. Ben,

    Do you have WSE 3.0 installed? The error is that it can’t interpret the SOAP parameters used for security, so I’d look in that direction.

    Good luck!

  3. I was getting this exception even when I had the web.config file configured correctly. I finally found out that the problem was due to a mis-configuration in the website my web service was running under as a virtual directory. The local path in the web site didn’t actually exist, so I changed it to a path that does exist, recycled the app pool the web service runs under and it worked.

    – Windows 2003 SP2
    – WSE3.0 was not installed, just copied the dll in the bin folder.

  4. If add a customer header named “security” and set MustUnderstand property to true, then it may occur this error. If set to false, then OK.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s