APIM request xml validation - biztalk

Is there a way to validate the output of the json-to-xml policy against a schema?
One of our partners sends a request to APIM that is routed to a backend BizTalk, and we want to validate the request before routing it to BizTalk.

No. But... even if you could, in a trading partner scenario, I wouldn't, because you can better handle the issue in the BizTalk app vs. APIM.

Related

How to secure an API using OAuth Certificate Based Authentication

I have a web application made using servlets and I have a separate API for the web application. I want to secure the API with OAuth so that when we use OAuth, a client certificate is sent instead of credentials to the authorization server for verification, and after verification access should be allowed to the API. Is there any way to implement this authentication? If possible, what steps should I take to achieve this?
Client certificate credentials can be used for confidential clients, in either the code flow or the client credentials flow. This type of solution is often used in financial grade setups, where high worth data is involved.
Access tokens issued then contain a cnf claim, so that every API call is bound to the strong credential used at the time of authentication. See the RFC8705 standard for further details.
For a worked end-to-end example that you can run locally, and which covers both the backend and client behaviours, see this Curity code example. Not all authorization servers support these flows, so check for your provider.
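The API-side check implied by the cnf claim in the answer above, as an added example that is not part of the original answer or the linked code example: the API recomputes the RFC 8705 `x5t#S256` thumbprint of the certificate presented over mutual TLS and compares it with the one in the token. The function names and the sample byte strings are assumptions made for illustration, and token signature validation is assumed to have happened before this step.

```python
import base64
import hashlib
import hmac
import ssl
from typing import Optional, Tuple


def x5t_s256(cert_der: bytes) -> str:
    """RFC 8705 thumbprint: base64url(SHA-256(DER certificate)), unpadded."""
    digest = hashlib.sha256(cert_der).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def check_certificate_binding(claims: dict,
                              client_cert_pem: Optional[str]) -> Tuple[bool, str]:
    """Compare the token's cnf thumbprint with the certificate presented on
    the mutual-TLS connection. Assumes the token's signature, issuer,
    audience and expiry were already validated before this call."""
    cnf = claims.get("cnf")
    bound = cnf.get("x5t#S256") if isinstance(cnf, dict) else None
    if not isinstance(bound, str):
        return False, "token is not certificate-bound"
    if not client_cert_pem:
        return False, "no client certificate presented"
    try:
        der = ssl.PEM_cert_to_DER_cert(client_cert_pem)
    except ValueError:
        return False, "client certificate is not valid PEM"
    presented = x5t_s256(der)
    # Constant-time comparison of the two thumbprints.
    if not hmac.compare_digest(bound.encode(), presented.encode()):
        return False, "certificate does not match token"
    return True, "ok"


# Constructed stand-ins for two clients' DER certificates; the thumbprint is
# computed over raw DER bytes, so no real certificate is needed to show it.
CLIENT_DER = b"constructed-der-bytes-for-client-a"
OTHER_DER = b"constructed-der-bytes-for-client-b"
CLAIMS = {"sub": "client-a", "cnf": {"x5t#S256": x5t_s256(CLIENT_DER)}}

if __name__ == "__main__":
    for label, der in (("owner", CLIENT_DER), ("other client", OTHER_DER)):
        pem = ssl.DER_cert_to_PEM_cert(der)
        print(label, check_certificate_binding(CLAIMS, pem))
```

A token presented with a different client's certificate is rejected even though the token itself is valid, which is the point of binding it to the certificate.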

ASP.NET Core Web API with Kerberos Ticket forwarding

I am building a Web API with ASP.NET Core hosted on IIS that will act as a proxy integrating a few services.
I need to forward user credentials/identity to specific services managed by my API, and to do so I want to enable ticket forwarding in Kerberos.
What steps do I need to take to make it work?
First of all, I need to set up my service as trusted in the KDC, and after that it should receive forwardable tickets instead of regular ones (I need to specify the services that my API can forward tickets to), am I right?
How do I then forward that ticket to another service using HttpClient?
Will attaching the received token to the request be enough?
Am I correct about the steps I listed, and is there anything more to do?
Thank you all for help.

Biztalk 2009: Redirect a message to a different web service

Current State: BizTalk receives a message via Web Service A (hosted on the same machine). BizTalk processes the message and sends it to the backend.
Future State: BizTalk still receives the message via Web Service A. If a field inside the message matches a certain value, BizTalk needs to send the message to a different web service (Web Service B) on another server. Else, proceed with the existing flow.
BizTalk is required as middleware between the Application and Web Service B due to the network connection. The server for Web Service B only accepts TLS 1.2, which the Application Server does not yet support.
Is it possible to reroute the message even before it enters the first orchestration?
Kindly provide the best way to do it, with detailed guidance on the changes required, or point to an existing question or documentation if any.
P.S.: Newbie to BizTalk. Let me know if further information needs to be provided.
Yes, quite possible
Promote the field that you wish to route on in the schema
Set the filter expressions on the send ports that look at this promoted property
Note: For TLS 1.2 you will need a Custom End Point behaviour on the send port to specify to use TLS 1.2.
As @Dijkgraaf says, you can promote the field on the schema and then use filter expressions on the send ports to redirect the incoming message to the new Web Service B.
If you need an Orchestration to implement some process before sending to Web Service B, you can use the Filter Expression property of the first Receive Shape to catch the messages with the Promoted Property value that you need.

How to secure a RESTful Web Service exposed by a web API?

I have REST web services exposed by APIs controllers in my ASP.NET Application. These services are useful for me to synchronize my business layer with my view layer.
Now I want to make them more secure, because I feel like all my data is exposed and that anyone can have access to it, if only he types the HTTP URL of the web service. Is there any username/password security mechanism for my web services? Or is this done via a certain configuration in IIS?
If you would like to create your own security mechanism then it would not be too hard to authenticate using tokens in the HTTP header. For example, you could use a public/private key scheme and hash a few items that change frequently such as DateTime and input parameters and the resource URL itself.
.Net provides ways to place your security checks prior to reaching your service methods so you don't even have to check the token in the http header in each of your methods. They will only be invoked if the request is authenticated.
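A sketch of the header-token idea from the answer above, as an added example that is not part of the original answer: it uses a shared-secret HMAC rather than the public/private key scheme the answer mentions, and covers the method, resource URL, input parameters and a timestamp. The function names, the 300-second window and the sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import time
from typing import Mapping, Optional, Tuple
from urllib.parse import urlencode

MAX_SKEW_SECONDS = 300  # assumed freshness window for the timestamp


def canonical_string(method: str, url: str, params: Mapping[str, str],
                     timestamp: int) -> bytes:
    """Fixed, unambiguous layout of everything the token must cover."""
    query = urlencode(sorted(params.items()))  # order-independent
    return "\n".join([method.upper(), url, query, str(timestamp)]).encode()


def sign_request(secret: bytes, method: str, url: str,
                 params: Mapping[str, str], timestamp: int) -> str:
    """Client side: token placed in an HTTP header next to the timestamp."""
    msg = canonical_string(method, url, params, timestamp)
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def verify_request(secret: bytes, method: str, url: str,
                   params: Mapping[str, str], timestamp: int, token: str,
                   now: Optional[float] = None) -> Tuple[bool, str]:
    """Server side: run before the service method is invoked."""
    now = time.time() if now is None else now
    if abs(now - timestamp) > MAX_SKEW_SECONDS:
        return False, "stale timestamp"
    expected = sign_request(secret, method, url, params, timestamp)
    # Constant-time comparison so the check does not leak matching prefixes.
    if not hmac.compare_digest(expected.encode(), token.encode()):
        return False, "token mismatch"
    return True, "ok"


# Constructed sample request (not from the original page).
SECRET = b"constructed-demo-secret"
URL = "https://api.example.test/orders"
PARAMS = {"id": "42", "view": "full"}
ISSUED_AT = 1_700_000_000

if __name__ == "__main__":
    tok = sign_request(SECRET, "GET", URL, PARAMS, ISSUED_AT)
    print(verify_request(SECRET, "GET", URL, PARAMS, ISSUED_AT, tok,
                         now=ISSUED_AT + 10))
```

Inside the freshness window a captured token still verifies for the same request, so a server that needs replay protection also has to remember tokens it has already accepted.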

Web service scenario in BizTalk server

I am new to BizTalk Server and I want to know whether it is possible to communicate with BizTalk like a web server. My scenario is like this.
I have an application in Silverlight that will send a request to BizTalk (web service or HTTP) with some parameters; BizTalk will send that request to a third-party web service, the third-party web service will give a response to BizTalk, and this response will be sent back to my Silverlight application.
Is this possible? If yes, can anybody give me an article that helps in creating this type of application?
Yes - Use the SOAP adapter and a web service port
Service Station from MS
You will need to create an orchestration and a map (if the schema are different between the 2 services) to handle the actual passing of Messages between the 2 web services.
First Steps in Orchestrations
Creating Maps in BizTalk
and a good guide and tutorial for Webservices here
Calling biztalk webservice from Silverlight
http://weblogs.asp.net/jgalloway/archive/2007/06/14/calling-an-asmx-webservice-from-silverlight-use-a-static-port.aspx
Yes. You can set up an HTTP Receive Port and handle straight XML messages from Silverlight and then pass back whatever message Silverlight requires (be sure to use a 2-Way Receive/Send Port). The bigger question here is why? Why not talk to the far end web service directly from Silverlight? Is BizTalk adding any value here? Are you including BizTalk as an abstraction layer for future functionality? Is BizTalk somehow enriching the messages?
My questions are the same as ChrisLoris's. Why use BizTalk here? If it's just to call Service A and then B and deliver information back to the Silverlight app, I would rather create a custom .NET .dll to handle it. If you really want to have a workflow you can use WorkflowFoundation.
I found the solution for this problem. You need to install the certificate in the user store of the user under which the BizTalk host instance is running and also grant access to the private key of the certificate using the winhttpcertcfg tool.
1) Open the mmc using runas /user:<> mmc
and import the certificate into the user store.
2) winhttpcertcfg -g -c LOCAL_MACHINE\My -s <> -a <>
These two steps should do the trick.
