无法对安全令牌进行身份验证或授权

我需要从。net客户端使用一个Apache CXF 2.6 web服务。我在请求中发送的头是这样的(用fiddler捕获):

<soap:Header>
        <wsse:Security>
            <wsse:BinarySecurityToken></wsse:BinarySecurityToken>
            <ds:Signature ></ds:Signature>  

和服务响应:

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Header/>
<soap:Body>
    <soap:Fault>
        <faultcode xmlns:ns1="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">ns1:FailedAuthentication</faultcode>
        <faultstring>The security token could not be authenticated or authorized</faultstring>
    </soap:Fault>
</soap:Body>

这是我的。config:

  <system.serviceModel>
    <bindings>
      <customBinding>
        <binding name="myCustomBinding">
          <security allowSerializedSigningTokenOnReply="true" enableUnsecuredResponse="true"
            authenticationMode="MutualCertificate" securityHeaderLayout="Strict"
            includeTimestamp="false" messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"
            requireSignatureConfirmation="true" />
          <textMessageEncoding maxReadPoolSize="2147483647" messageVersion="Soap11">
            <readerQuotas maxDepth="32" maxStringContentLength="2147483647"
              maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
          </textMessageEncoding>
          <httpsTransport maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647"
            maxBufferSize="2147483647" requireClientCertificate="true" />
        </binding>
      </customBinding>
    </bindings>    
  </system.serviceModel>

这就是我到目前为止在代码中所做的，我实现了我的代理对象:

    public ConfigureProxy()
{
    try {

        CustomBinding customBinding = new CustomBinding("myCustomBinding");
        DnsEndpointIdentity oDNSEndPoint = new DnsEndpointIdentity(DNS);    
        EndpointAddress oEndPoint = new EndpointAddress(new Uri("Service"), oDNSEndPoint, new AddressHeaderCollection());   
        StoreLocation oStore = StoreLocation.LocalMachine;
        this.p_CanalProxy = new WSREACXFServiceClient(customBinding, oEndPoint);
        ClientCredentials oCred = this.p_CanalProxy.ClientCredentials;
        oCred.ClientCertificate.SetCertificate(oStore, StoreName.My, X509FindType.FindByThumbprint, "thumpr");
        if (oCred.ClientCertificate == null)
            throw new InvalidOperationException("client cert ");
        oCred.ServiceCertificate.SetDefaultCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindByThumbprint, "thumpr sever cert");
        if (oCred.ServiceCertificate == null)
            throw new InvalidOperationException("cert server ");
        oCred.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
        oCred.ServiceCertificate.Authentication.RevocationMode = X509RevocationMode.NoCheck;

    } catch (Exception ex) {
        p_CanalProxy = null;

    } finally {
    }
}

但是根据我得到的样本，它应该是这样的:

<soap:Header>
    <wsse:Security>
        <wsse:BinarySecurityToken></wsse:BinarySecurityToken>
        <ds:Signature ></ds:Signature>                                      
        <wsse:BinarySecurityToken></wsse:BinarySecurityToken>   <!-- repeated -->
        <xenc:EncryptedKey></xenc:EncryptedKey>         

请问有人帮我吗?提前感谢!