Extract identity with the UsernameToken from the WS-Security header

The claimed identity of the requester is extracted from the WS-Security UsernameToken element. This element contains the username and password or password-digest.

For this method, use TLS to prevent the password from being sent as cleartext.

The following header illustrates a SOAP document with the values of the Username and Password elements highlighted in bold.

<?xml version="1.0" encoding="UTF-8"?>
<S11:Envelope
  xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/
    oasis-200401-wss-wssecurity-secext-1.0.xsd"
  xmlns:S11="http://schemas.xmlsoap.org/soap/envelope/">
<S11:Header>
  <wsse:Security>
    <wsse:UsernameToken>
      <wsse:Username>Fred</wsse:Username>
      <wsse:Password>Smith</wsse:Password>
    </wsse:UsernameToken>
  </wsse:Security>
</S11:Header>