As I mentioned earlier, I'm testing our SOAP API on a few different platforms and am using PocketSOAP as a COM solution for scripting languages (Like VBScript). It supports SOAP 1.2 but it doesn't support the WS-* standards out of the box. If you simply need to use the UsernameToken part of the WSS spec and you are sending your password as plain text (Over SSL right?) you can use the following VBScript method to add the headers:

Sub AddWSSUsernameToken(envelope, username, password)

    Dim WSSNamespace, Security, UsernameToken, Serializer
    WSSNamespace = ""

    Security = envelope.Headers.Create("Security", "", WSSNamespace)
    UsernameToken = Security.Nodes.Create("UsernameToken", "", WSSNamespace)
    ' NOTE: If your using the SOAP 1.1 version of the envelope you
    '       need to add the following line:
    ' UsernameToken.root = true
    UsernameToken.Nodes.Create("Username", username, WSSNamespace)
    UsernameToken.Nodes.Create("Password", password, WSSNamespace)

    Serializer = envelope.SerializerFactory
    Serializer.understoodHeader(WSSNamespace, "Security")

End Sub

As noted if your using the SOAP v1.1 envelope you need to include the line where the root property is set for the UsernameToken node. Here is the usage:

Dim envelope
Set envelope = CreateObject("pocketSOAP.Envelope.12")

envelope.SetMethod "SomeMethod", "SomeNamespace"

AddWSSUsernameToken envelope, "tony", "clifton"


UPDATE: Here is the implementation in JScript:

function AddWSSUsernameToken(envelope, username, password)
    var wssNamespace = "";

    var security = envelope.Headers.Create("Security", "", wssNamespace);
    var usernameToken = security.Nodes.Create("UsernameToken", "", wssNamespace);
    // NOTE: If your using the SOAP 1.1 version of the envelope you 
    // need to add the following line: 
    // usernameToken.root = true;
    usernameToken.Nodes.Create("Username", username, wssNamespace);
    usernameToken.Nodes.Create("Password", password, wssNamespace);

    var serializer = envelope.SerializerFactory;
    serializer.understoodHeader(wssNamespace, "Security");