I've seen this question in multiple ways, the problem is that by default we can't change the soap message to add the security token like it says in the oracle pdf. so after a lot of trying i found the way to do it but you won't like it.
this is a bad solution because every time i update the service reference it blows up and i have to change the Reference.cs again, but i found nothing better.
First download the microsoft WEB SERVICES ENHANCEMENTS (WSE 2.0 or 3.0). this will give you the namespace to create the UsernameToken and the object you'll inherit on the reference.cs
You need to make manual changes to the service reference.cs (i don't like it either). change the inherited namespace from "System.Web.Services.Protocols.SoapHttpClientProtocol" to "Microsoft.Web.Services3.WebServicesClientProtocol"
This will give you access to the security header to add the token like this:
CascadingPicklistService service = new CascadingPicklistService();
CascadingPicklistRead_Input input = new CascadingPicklistRead_Input();
UsernameToken userToken = new UsernameToken(username, password, PasswordOption.SendPlainText);
If you are using .NET 4.0 or higher you are better off using WCF. If you generate your proxy classes using "svcutil.exe" there will be a class called "CascadingPicklistServiceClient" that inherits from "ClientBase<TChannel>". To set credentials, do the following:
The reason I recommend .NET 4.0 or higher is because it exposes a property called EnableUnsecuredResponse in the config. There was a hotfix to add this property in .NET 3.5, but setting it requires creating a custom binding.