Question
I have a BizTalk app up and running that is currently using the WCF-BasicHttp Adapter. It's currently using only Message security using the UserName credential type and that is all working fine.
Things have since changed: we are now required to accept Client Certificates at the Transport (IIS) level for authorization of the service and still continue to use Message security for authentication into the service.
After much pain and searching, I was able to get this to work in a NON-BizTalk WCF environment, basing my config on bits of this post, and ended up with the following customBinding configuration:
<customBinding>
  <binding name="CustomCDARequestEndpointBinding">
    <textMessageEncoding messageVersion="Soap11" />
    <security authenticationMode="UserNameOverTransport" />
    <httpsTransport requireClientCertificate="true" />
  </binding>
</customBinding>
This resulted in a WCF client config like so:
<bindings>
  <customBinding>
    <binding name="CDARequestEndpoint">
      <security defaultAlgorithmSuite="Default" authenticationMode="UserNameOverTransport"
                requireDerivedKeys="true" includeTimestamp="true"
                messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10">
        <localClientSettings detectReplays="false" />
        <localServiceSettings detectReplays="false" />
      </security>
      <textMessageEncoding messageVersion="Soap11" />
      <httpsTransport requireClientCertificate="true" />
    </binding>
  </customBinding>
</bindings>
<behaviors>
  <endpointBehaviors>
    <behavior name="ohBehave">
      <clientCredentials useIdentityConfiguration="false">
        <clientCertificate findValue="6D0DBF387484B25A16D0E3E53DBB178A366DA954" storeLocation="CurrentUser"
                           x509FindType="FindByThumbprint" />
      </clientCredentials>
    </behavior>
  </endpointBehaviors>
</behaviors>
This works perfectly fine in a NON-BizTalk environment, and it seems the critical piece of configuration is the <httpsTransport requireClientCertificate="true" /> config element, because of the requireClientCertificate attribute. The problem is, no matter what I try, I cannot find a similar setting in the BizTalk WCF-Custom/customBinding configuration anywhere. I can't add the <httpsTransport> binding element extension because it doesn't exist as an option in BizTalk.
Does anyone know what my options are here?
- Can I edit the web.config directly?
- Is there another extension I can add to achieve the same effect in the BizTalk GUI?
- Can I code something in the orchestration to manually setup this receive location the way I'm proposing?
Answer 1:
Because the WCF-BasicHttp Adapter only surfaces certain properties, you can't use it for your purpose.
Instead:
- Start with the WCF-Custom Adapter
- BindingType = customBinding
- Delete httpTransport
- Add httpsTransport (you will then see requireClientCertificate)
- Add the clientCredentials Behavior and set your options and credentials in the Credentials tab.
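For reference, the configuration the steps above produce, written out as an added example that is not part of the original question or answer. The first fragment is the customBinding as it would appear on the Binding tab of a WCF-Custom receive location once httpTransport has been replaced by httpsTransport; the second is the service-side credential behavior that validates the UserName token and the presented client certificate (a receive location is the service end, so the service-side serviceCredentials element is shown rather than the client-side clientCredentials from the question). The binding and behavior names, the validation modes and the revocation setting are assumptions chosen for illustration, and IIS must additionally be configured to require client certificates for the site hosting the isolated receive location, or the TLS handshake never asks for one and requireClientCertificate alone cannot enforce it.

```xml
<!-- Added example, not from the original post. Names and validation settings are assumed. -->

<!-- Binding tab of the WCF-Custom receive location (BindingType = customBinding) -->
<binding name="CDARequestReceiveBinding">
  <!-- Same wire format as the original WCF-BasicHttp endpoint -->
  <textMessageEncoding messageVersion="Soap11" />
  <!-- Message-level authentication: a UserName token carried inside the TLS-protected
       channel. Nothing is encrypted at message level; the transport supplies confidentiality. -->
  <security authenticationMode="UserNameOverTransport" />
  <!-- Transport-level authorization: the HTTPS transport refuses any connection whose
       TLS handshake did not present a client certificate. This element only exists
       once httpTransport has been deleted and httpsTransport added. -->
  <httpsTransport requireClientCertificate="true" />
</binding>

<!-- Behavior tab: service-side credentials for the receive location (assumed names) -->
<behavior name="CDARequestServiceBehavior">
  <serviceCredentials>
    <!-- How the UserName token is checked. Windows maps it to a Windows account;
         use MembershipProvider or Custom when the accounts live elsewhere. -->
    <userNameAuthentication userNamePasswordValidationMode="Windows" />
    <clientCertificate>
      <!-- ChainTrust rejects certificates that do not chain to a trusted root in the
           host's store; Online revocation checking makes a revoked certificate fail
           the handshake rather than be silently accepted. -->
      <authentication certificateValidationMode="ChainTrust" revocationMode="Online" />
    </clientCertificate>
  </serviceCredentials>
</behavior>
```

Two checks worth doing after applying this: call the endpoint without a client certificate and confirm the TLS handshake is refused before any SOAP is exchanged (if the request reaches the service and fails with a SOAP fault instead, IIS is negotiating but not requiring the certificate); then call with a valid certificate but a bad UserName token and confirm the rejection now happens at message level.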
Source: https://stackoverflow.com/questions/21415049/translate-non-biztalk-wcf-config-into-biztalk-wcf-custom-endpoint