As described in the Adding a dynamic SoapHeader into a message recipe in Chapter 5, WCF supports dynamically adding SoapHeaders into request/response messages without defining them statically in
OperationContract. This works fine for those scenarios where the dynamic SoapHeader doesn't need to be secured (either signing or encrypting), since the programmatically-injected SoapHeader is transferred as unsecured in the
<headers> section of a SOAP envelope. Then, how do we secure the dynamically added SoapHeader?
In this recipe, we will demonstrate how to secure a SoapHeader that is added into the WCF request message, programmatically.
To secure a dynamically added SoapHeader, we need to ...