Continuing this discussion with myself.
Here is a link to acegi documentation I was talking about:
Actually this document is doing something different. Not what I initially thought it was doing.
In any case my question remains.
Again continuing this discussion with myself.
One way I guess to solve this issue would be to use handlers.
One picks up the credential information from the soap header and when the response is sent another handler adds the header fields.
This way the second webservice will try to authenticate against the headers added by my handler.
Would this be a correct solution?