The only way I see to get it done is to move to a Transport-only security in your client and then add the security header yourself in a custom encoder. Generating the security header includes:
- Generating the timestamp and pushing it in to the SOAP (easy).
- Generating the signature (hard). See here and the GetSignature commented our method here. Then push it to the SOAP.
To manipulate the SOAP implement the encoder and in the the WriteMessage method where you have access to the message load it to XmlDocument and manipulate it (e.g. add the headers).