Listing 1

<soap:Header>
... 
<wsse:Security soap:mustUnderstand="1">
<wsse:UsernameToken xmlns:wsu="http://docs.oasis-
 open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
  wsu:Id="SecurityToken-432265eb-34ff-41b2-a888-aef91202d7db">
<wsse:Username>Admin</wsse:Username>
<wsse:Password Type="wsse:PasswordDigest">UrtfbCJLLErsknuf24YurTbv=</wsse:Password>
 <wsse:Nonce>LwZi+KRqpiintiFVzqOi1R==</wsse:Nonce>
<wsu:Created>2005-01-31T21:42:52Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
...
</soap:Header>

Listing 2

Note the inclusion of the wse:UsernameToken in the wssp:MessageParts section

<wssp:Confidentiality wsp:Usage="wsp:Required">
...
<wssp:MessageParts Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">
wsp:Body() wse:UsernameToken()
</wssp:MessageParts>
</wssp:Confidentiality>