With the rapid development of web services, message security of web services between heterogeneous platforms is increasingly prominent. As two popular web services platforms, Apache Axis2 and Microsoft .Net, have their own security module respectively (Rampart, WSE). Due to differences in platform security mechanisms, it is difficult to build a secure web services communications between different platforms. This paper firstly introduces the Apache Axis2 and. Net platforms, and then analyzes their differences of security mechanism on these two platforms. Finally, followed by a typical secure case, a series of steps are designed and tested in order to realize secure web service invocation on heterogeneous platforms.