One of the other features that WSE provides is the ability to extend the security of a web service by providing APIs and tools that deal with use name identity transmission, X.509 certificates, and digital signatures. The next section will show you how to write a web service that can not only accept a username and password combination embedded in the SOAP envelope, but can also validate the authenticity of the message itself using digital certificates.
Introduction to WSE Security
WSE security is built around adding various elements to the SOAP header. An element called a UsernameToken can be added to the header that identifies the username and password of the message sender. Additional elements include security verification elements ...