Authentication Trusted for a new Host RRS feed

  • Question

  • Whats the use of creating a Trusted Host vs non trusted (which is the default behavior)



    Wednesday, January 29, 2014 7:37 PM

All replies

  • Hello,

    The default Behavior is trusted.

    the main point to consider is that if you are going to talk to external systems and trading partners via Web Services, AS2 etc...from your BizTalk, the hosts have to be trusted.


    Secondly, once you do decide to create Trusted Hosts, you should keep the same configuration in all environments even if you are not communication externally. This will ensure smoother code migration from one environment to the other via bindings and msi installs.



    Wednesday, January 29, 2014 7:50 PM
  • Hi Vai,

    When you create a new Host, you need to explicitly specify by clicking on the checkbox "Authentication Trusted" under Options section under General page of Host Properties, by default only 32-bit only is checked rest are unchecked.

    When you make Host as trusted, you actually grant it permission to fetch authentication information from database which is used to stamp a message with a party ID and a windows Security ID.

     Have a look at similar thread and to get more insight, follow the links in the thread.

    Maheshkumar S Tiwari|User Page |

    Wednesday, January 29, 2014 8:21 PM
  • Sorry, @Abhishek0127 that Proposed answer is not correct.

    At the simplest, the Authenticted Trusted attribute directs the MessageBox to maintain the Windows SSID of the message sender, if available, on messages submitted by Instances of that Host.

    If picked up by an Authenticated Trusted host, it allows a downstream systems to act on behalf of the original Windows user.  Basically, that downstream system "Trusts" that BizTalk has "Authenticated" the user.

    It has no affect on Web Services, AS2 or any other built in feature unless you write custom code that uses it.*

    If you don't know that you're using it, you're not so should leave it unchecked.  I've never had occasion to set it to True.

    *Unless you're also using SSO.  Party Resolution might be an exception also.

    Wednesday, January 29, 2014 8:34 PM
  • @BoatSeller Web Services, AS2 etc are only the communication protocol for application Integration .

    You are go through my Post  : I have already mentioned that while communicating with External System host should be trusted (haven't elaborate SSID which you have done :) ).

    Hope this will clear the doubts .



    Wednesday, January 29, 2014 8:58 PM
  • The original poster is asking specifically about the Authentication Trusted option on the Host.

    To be absolutely clear, a Host does not require Authentication Trusted checked to use AS2, Web Services or any other built-in protocol.

    To get back to the original question.  One case where you would check Authentication Trusted is if you want to use the SSO option on Send Adapters to lookup credentials based on the original sending user. 

    Unless you know the specific case that requires Authentication Trusted, leave it unchecked.

    Wednesday, January 29, 2014 9:40 PM