Recently, I've been tasked to migrate a set of web service endpoints to new url's. That's all fine and dandy, however the new web services have WSSE security headers, while the old ones didn't. A quick search on the internet got me a lot of links about adding WSSE for Web References (i.e. "asmx" technology), but very little about Service References (i.e. "WCF" technology). In actual fact, it's probably because it's so easy to add the headers. Simply pop the extra headers in the client configuration:

  <endpoint address="https://an.awsome.service/definition.svc" binding="basicHttpBinding" bindingconfiguration="definition" contract="an.awsome.service.definition" name="an_awsome_service_definition">
    <headers>
      <wsse:security xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/07/secext">
        <wsse:usernametoken xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility">
          <wsse:username>TheUsername</wsse:username>
          <wsse:sessiontype xmlns="http://schemas.xmlsoap.org/ws/2002/07/secext">Stateless</wsse:sessiontype>
          <wsse:password type="wsse:PasswordText">ThePassword</wsse:password>
        </wsse:usernametoken>
      </wsse:security>
    </headers>
  </endpoint>

And you're good to go!