Hello, We need to validate the signature in each SOAP request to determine if the received message hasn't been tampered with, and to determine who sent the message. We use information in the WS Security header in the SOAP header. To validate a signature however it is necessary to have access to the SOAP body because this is used to create a hash. The SOAP body is not available. When using the 'Custom Authentication' option we can import any elements we want from the SOAP header, but not from the SOAP body. I thought about trying to implement this as the first action in each web service operation, but again the SOAP body is not available. Any thoughts on how to validate a signed SOAP message? Thanks, Andrew