Using the WCF Adapter to a 3rd Party - Outside Your Domain

  • Question

  • This should be a relatively simple yes or no question.  Currently, we are attempting to use the WCF adapter to connect to a vendor's service.  This is an HTTPS-required connection, though we're using the WCF-Custom.  Their service requires Windows credentials that consist of a domain name/account name and password.  Obviously, this is not an account on our own domain, so using those credentials to run a host instance is not an option.  Is it possible to connect in some fashion using the third party credentials?  Or will a truly custom WCF adapter need to be built?

    I can provide more information if needed, however, I'm truly looking for a yes or no to the concept.  The "experts" we've been in touch with so far have not been able to give us an answer.

    Thanks!

    Tuesday, March 23, 2010 3:33 PM

Answers

  • Hi,

    I had the same issue last year when I was working on a project.
    We got the same problems and if we performed a network trace, we saw that BizTalk sends the credentials of the host instance that is running the send port.

    We found a workaround for it at the time because we had to move fast. Instead of using a WCF adapter, we used the SOAP adapter.
    This gave us the chance to write our own proxy class for the service, and we took care of the credentials there.

    We haven't found another solution yet, and a support case at Microsoft has had no result yet. It could be a quick workaround, but if there is a more standard way, I would go for that, because you have to keep in mind that the SOAP adapter will be deprecated in BizTalk 2009 R2!

    Kind Regards
    Tim

    Wednesday, March 24, 2010 7:02 AM
  • Thanks Tim. There are a lot of community people pushing to keep the SOAP adapter but we will see. It is interesting to hear another reason to use it rather than the WCF adapter. We might call it BizTalk XP Mode (just joking).

    You should be able to build a custom service/endpoint behavior to use with your WCF port to set the SOAP header. Here is some code to do this: http://blogs.msdn.com/skaufman/archive/2009/05/29/exposing-custom-wcf-headers-through-wcf-behaviors.aspx.

    Thanks,


    If this answers your question, please use the "Answer" button to say so | Ben Cline
    Wednesday, March 24, 2010 6:25 PM
    Moderator
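
Added example (not part of the original thread, and not the code from the linked blog post): a minimal sketch of the custom endpoint behavior suggested above, which stamps one SOAP header on every outgoing request of a WCF-Custom send port. The class names and the headerName / headerNamespace / headerValue settings are hypothetical; the real header name and namespace come from the vendor's contract.

```csharp
using System;
using System.Configuration;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Configuration;
using System.ServiceModel.Description;
using System.ServiceModel.Dispatcher;

// Adds one SOAP header to every outgoing request on the send port.
public class AuthHeaderInspector : IClientMessageInspector
{
    private readonly string _name, _ns, _value;
    public AuthHeaderInspector(string name, string ns, string value) { _name = name; _ns = ns; _value = value; }

    public object BeforeSendRequest(ref Message request, IClientChannel channel)
    {
        // Drop a stale copy first so a resent message never carries the header twice.
        int i = request.Headers.FindHeader(_name, _ns);
        if (i >= 0) request.Headers.RemoveAt(i);
        request.Headers.Add(MessageHeader.CreateHeader(_name, _ns, _value));
        return null; // no correlation state needed
    }
    public void AfterReceiveReply(ref Message reply, object correlationState) { }
}

public class AuthHeaderBehavior : IEndpointBehavior
{
    private readonly AuthHeaderInspector _inspector;
    public AuthHeaderBehavior(string name, string ns, string value) { _inspector = new AuthHeaderInspector(name, ns, value); }
    public void ApplyClientBehavior(ServiceEndpoint endpoint, ClientRuntime runtime) { runtime.MessageInspectors.Add(_inspector); }
    public void AddBindingParameters(ServiceEndpoint endpoint, BindingParameterCollection parameters) { }
    public void ApplyDispatchBehavior(ServiceEndpoint endpoint, EndpointDispatcher dispatcher) { }
    public void Validate(ServiceEndpoint endpoint) { }
}

// Configuration element that makes the behavior selectable as a behavior extension.
// headerName / headerNamespace / headerValue are hypothetical setting names.
public class AuthHeaderBehaviorElement : BehaviorExtensionElement
{
    [ConfigurationProperty("headerName", IsRequired = true)]
    public string HeaderName { get { return (string)base["headerName"]; } set { base["headerName"] = value; } }
    [ConfigurationProperty("headerNamespace", IsRequired = true)]
    public string HeaderNamespace { get { return (string)base["headerNamespace"]; } set { base["headerNamespace"] = value; } }
    [ConfigurationProperty("headerValue", IsRequired = true)]
    public string HeaderValue { get { return (string)base["headerValue"]; } set { base["headerValue"] = value; } }

    public override Type BehaviorType { get { return typeof(AuthHeaderBehavior); } }
    protected override object CreateBehavior() { return new AuthHeaderBehavior(HeaderName, HeaderNamespace, HeaderValue); }
}
```

This helps only if the service reads credentials from a header; the SspiNegotiationTokenProvider frames in the stack trace posted in this thread come from the binding's own Windows credential negotiation, which an extra header does not change. The header value is sent as plain text inside the envelope, so it relies on the HTTPS transport for confidentiality.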

All replies

  • Yes, you could use SOAP headers to send login information for basic authentication.

    If you are thinking more of a federation solution you can use the wsFederationHttp or ws2007FederationHttp bindings with the WCF-Custom adapter.

    Thanks,


    If this answers your question, please use the "Answer" button to say so | Ben Cline
    Tuesday, March 23, 2010 4:01 PM
    Moderator
  • Currently, we're sending over the credentials in a SOAP (authentication) header, but still receiving the authentication failure.  Specifically, we see this in response:

     

    System.ServiceModel.Security.SecurityNegotiationException: The caller was not authenticated by the service. ---> System.ServiceModel.FaultException: The request for security token could not be satisfied because authentication failed.

       at System.ServiceModel.Security.SecurityUtils.ThrowIfNegotiationFault(Message message, EndpointAddress target)

       at System.ServiceModel.Security.SspiNegotiationTokenProvider.GetNextOutgoingMessageBody(Message incomingMessage, SspiNegotiationTokenProviderState sspiState)

       --- End of inner exception stack trace ---

     

    Before the vendor switched the service to WCF from SOAP, we were using this authentication header to pass credentials.  My understanding is the development team is using the same SOAP header with the messages they're sending.  Credentials themselves didn't change during the conversion to WCF.  Could that be the inherent problem, that the team is using the same authentication header as before?

     

    Tuesday, March 23, 2010 4:12 PM
  • Extra challenge points:  Microsoft folks can't give us an answer to this.
    Tuesday, March 23, 2010 5:22 PM
  • Thanks to all.  We'll be reviewing both the SOAP workaround and the blog link mentioned above as a potential solution.  I'll be sure to post our findings.
    Thursday, March 25, 2010 7:26 PM