Consuming a WebService that is secured with a signature, username & password.

Consuming a WebService that is secured with a signature, username & password.

Hi I am trying to use an API via a secure webservice.
I use this to validate single sign-on to a third party website and to do this I need to login via this webservice, which then provides a redirect to the logged in page.  

I see that SetWebReferenceCredencials provides username and password, but I also need to pass signature.  Which the API uses to authenticate the client.

In an existing project this is handled by configuring in the web.config (below), my question is how can I get this header information be passed or configured so that I can authenticate?  

I have tried setting the SOAP Headers through SetWebServiceSoapHeaders
 I tried to do this by creating a SOAP Header record and then pass it into SetWebServiceSoapHeaders.  I used the XML: "<RequesterCredentials type='xsd:string' xmlns='urn:xxxxxxxDTO'><Credentials type='xsd:string'><Username>7zhV33GuEzpi8Xs</Username><Password>6luSAFvM1EoP7FD86xbiHDvo8</Password><Signature>695qJ3BWlcrS0Mtalx0jrGVgSWxvLvIYG8MbJ1A3vTt66Xig6X</Signature></Credentials></RequesterCredentials>"

Reading it back immediately showed it to be empty!  So I'm not sure if I'm doing it right.  The only error I get is from the webservice rejecting my client as the signature, username and password may be missing.

Any ideas or pointers welcome.

web.config content:
      <endpoint address=""
        binding="basicHttpBinding" bindingConfiguration="xxxxxxxxxxxDTOBinding"
        contract="xxxxxxxxx.xxxxxxxxxxDTOPortType" name="xxxxxxxxxxxDTOPort">
       <RequesterCredentials type="xsd:string" xmlns="urn:xxxxxxxxxxx">
            <Credentials type="xsd:string">
Hi Richard,

The xml you have looks ok. I have searched for an example and the only big difference on mine is that instead of setting the xmlns, I add it with an namespace alias ..not sure if it makes a difference.

Here is a screenshot of mine, I only set the mustunderstand and the element:
(note that this is for a ws-security UserNameToken header, so Its a bit different than yours)

Hope it helps.

João Rosado
Thank you João 
I was going to update as Andy Burgess from OutSystems put me on the right track.  The problem was I'd used SetWebServiceSoapHeaders and not  SetWebReferenceSoapHeaders (as per your example). It now all works fine passing the string above.
Many thanks