I'm pretty new to SOAP so go easy on me. I'm trying to setup a SOAP service that accepts the following header format:

<soap:Header>
   <wsse:Security>
      <wsse:UsernameToken wsu:Id='SecurityToken-securityToken'>
         <wsse:Username>Username</wsse:Username>
         <wsse:Password>Password</wsse:Password>
         <wsu:Created>Timestamp</wsu:Created>
      </wsse:UsernameToken>
   </wsse:Security>
</soap:Header>

The application I'm incorporating this service into is an ASP.NET 3.5 web application and I've already setup a SOAP endpoint using WCF. I've setup a basic service to make sure the WCF works and it works fine (disregarding the header). I heard that the above format follows WS-Security so I added WSHttpBinding in the web.config:

<service name="Nexternal.Service.XMLTools.VNService"
         behaviorConfiguration="VNServiceBehavior">
  <!--The first endpoint would be picked up from the confirg
  this shows how the config can be overriden with the service host-->
  <endpoint address=""
            binding="wsHttpBinding"
            contract="Nexternal.Service.XMLTools.IVNService"/>
</service>

I downloaded a test harness (soapUI) and pasted in a test message with the above header and it came back with a 400 Bad Request error.

...for what it's worth, I'm running Visual Studio 2008 using IIS7.

I feel like I'm going in circles so any help would be awesome. Thanks in advance.