经过一番调查，我想出了以下几点:

After a bit of investigation I came up with the following:

1. WCF 消息安全不能与经典 ASP 一起使用

1. WCF Message security can't be used with classic ASP

我在具有以下绑定的服务上创建了第二个端点:

I created a second endpoint on the service which had the following bindings:

  <basicHttpBinding>
  <binding name="SecureBasic" >
  <security mode="TransportWithMessageCredential">
    <message clientCredentialType="UserName"/>
  </security>
  </binding>
 </basicHttpBinding>"

关于这个的几点说明 -

Few notes about this -

1. 您需要使用 HTTPS(即安装自我证书)

1. You'll need to use HTTPS (i.e. install a self-certificate)

这不是在 Internet 上使用的首选安全方法 - 理想情况下，您应该使用消息安全.

It's not the preffered method of security to use over the internet - ideally you should use Message security.

我使用客户用户名和密码验证器来验证客户端请求

I used a customer username and password validator to authentciate the client request

以下 ASP 代码可以很好地调用此服务:

The following ASP code works well calling this service:

        soapServer = "YourSOAPAddress"
        soapMessage = "Put Your SOAP Message in here use Charlies / Fiddler to determine the message"
        Set xmlhttp = CreateObject("MSXML2.ServerXMLHTTP.3.0") 
        xmlhttp.setOption(2) = 13056
        xmlhttp.open "POST", soapServer, False
        xmlhttp.setRequestHeader "SOAPAction",   "urn:Alpha.Services.API.DeviceService/IDeviceService/GetDevices"
        xmlhttp.setRequestHeader "Content-Type", "text/xml; charset=utf-8"
        xmlhttp.send(soapMessage)   
        Response.Write "<br>Finished calling Web Service."
        Response.Write "<br>Status = " & xmlhttp.statusText
        Response.Write "<br>ResponseText = " &  xmlhttp.responseText

对于使用不支持 WS-Security 的语言(例如 ASP)的客户端系统，这是一种可能的解决方案.

For client systems that use a language that does not support WS-Security (such as ASP) this is one possible solution.