Remove timestamp element from ws-security headers created by WCF

Question

I am consuming an old Java web service from WCF that requires the request in the form:

Answer 1

Found the answer on Kristian Kristensen's blog post about his woes in integrating to a Java AXIS 1.X and WSS4J web service.. So much simpler and easier than the hacks I was trying previously.

You can solve this with a simple custom binding in App.config as so:

BUGFIX - there is a bug in previous version - forgot to add certificate in httpTransport

<system.serviceModel>
    <bindings>
        <customBinding>
            <binding name="CustomBindingName">
                <security authenticationMode="UserNameOverTransport" includeTimestamp="false">
                    <secureConversationBootstrap />
                </security>
                <textMessageEncoding messageVersion="Soap11" />
                <httpsTransport useDefaultWebProxy="false" requireClientCertificate="true" />
            </binding>
        </customBinding>
    </bindings>

    <client>
        <endpoint address="<endpoint address>" 
            binding="customBinding"
            bindingConfiguration="CustomBindingName"
            contract="<contract goes here>"
            name="EndpointName" />

    </client>
</system.serviceModel>

This gives the correct SOAP ws-security header without the timestamp that confused the java server just by calling this code

var client = new [clientType]();

client.ClientCredentials.ClientCertificate.Certificate = [certificate];

client.ClientCredentials.UserName.UserName = [UserName];
client.ClientCredentials.UserName.Password = [Password];

System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls;

// TODO wrap in try catch
client.Open();

var result = client.[action](new [RequestType] { ... });

Further Reading:

• Source of links to answer - Kjell-Sverre Jerijærvi's blog
• Where I found the actual answer - Kristian Kristensen's blog