Carl’s Geek Notes

March 15, 2007

WSE 3.0 Hell: “SOAP header security was not understood.”

Filed under: C#/.NET, Computers, Programming, Web Services, WSE — Carl @ 10:29 am

It’s been an interesting couple of days with WSE 3.0.  I continually got the error message:

System.Web.Services.Protocols.SoapHeaderException: SOAP header Security was not understood.
   at System.Web.Services.Protocols.SoapHeaderHandling.SetHeaderMembers(SoapHeaderCollection headers, Object target, SoapHeaderMapping[] mappings, SoapHeaderDirection direction, Boolean client)
  at System.Web.Services.Protocols.SoapServerProtocol.CreateServerInstance()
   at System.Web.Services.Protocols.WebServiceHandler.Invoke()
   at System.Web.Services.Protocols.WebServiceHandler.CoreProcessRequest()" string

when trying to use a username and password in a SOAP username token.  For some reason, the WSE 3.0 configuration manager did not accurately change the web.config file to reflect the soapServerProtocolFactory for WSE 3.0.  I added the following in the configuration/webServices of the web.config file: 

  <add type="Microsoft.Web.Services3.Description.WseExtensionImporter, Microsoft.Web.Services3, Version=, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
<soapServerProtocolFactory type="Microsoft.Web.Services3.WseProtocolFactory, Microsoft.Web.Services3, Version=, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />

and it worked perfectly.  It looks like the WSE 3.0 configuration tool was adding this to the app.config file instead of the web.config file (and it never adds the soapServerProtocolFactory element to the app.config anyway).


  1. Thank you for the posting. I had the same issue for couple of days. After reading your posting, I got it resloved.

    Comment by Ning Luo — June 6, 2007 @ 3:32 pm

  2. Glad to hear it helped–thanks for the feedback!


    Comment by Carl — June 6, 2007 @ 5:38 pm

  3. thanks so much for posting this. it helped me resolve the same issue

    Comment by anton — July 13, 2007 @ 5:38 am

  4. i didnt understand where to place the supplementary tag in web.config. can you please help me?

    Comment by carlo — December 4, 2007 @ 11:44 pm

  5. Carlo,

    View the web.config in my web service sample project here:

    to see what it should look like. Good luck!

    Comment by Carl — December 5, 2007 @ 10:54 am

  6. I have placed this code in the web.config of the web service, but still getting this error.

    Any other suggestion?

    Comment by Ben — September 8, 2008 @ 4:43 am

  7. Ben,

    Do you have WSE 3.0 installed? The error is that it can’t interpret the SOAP parameters used for security, so I’d look in that direction.

    Good luck!

    Comment by Carl — September 8, 2008 @ 7:32 am

  8. I was getting this exception even when I had the web.config file configured correctly. I finally found out that the problem was due to a mis-configuration in the website my web service was running under as a virtual directory. The local path in the web site didn’t actually exist, so I changed it to a path that does exist, recycled the app pool the web service runs under and it worked.

    – Windows 2003 SP2
    – WSE3.0 was not installed, just copied the dll in the bin folder.

    Comment by Nick — January 14, 2009 @ 1:17 pm

  9. If add a customer header named “security” and set MustUnderstand property to true, then it may occur this error. If set to false, then OK.

    Comment by nina — March 19, 2009 @ 9:11 pm

  10. Hi Carl,

    Is this Web.config change referring to the client or Server?

    I’m getting the same error…


    Comment by Dsn — April 24, 2009 @ 8:46 am

  11. tanks alot

    Comment by prasok — August 8, 2010 @ 11:41 pm

  12. You are my God. Thanks a zillion for this post.

    Comment by nbhm — December 11, 2011 @ 6:15 am

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

The Silver is the New Black Theme. Create a free website or blog at


Get every new post delivered to your Inbox.

Join 48 other followers

%d bloggers like this: