In BizTalk, I am looking for a way to avoid supplying the password in the Bindings of receive locations that uses the POP3 Adapter to connect to an Exchange Server.
On other adapters like FTP this is possible to supply a password via the SSO, it seems that using the SSO is is not an option on the POP3 adapter?
On MSDN it is described that "Secure Password Authentication (SPA). The POP3 server uses current process credentials for authentication". So I have tried to give the Service Account running the Host Instance access to the mailbox, but without success.
Related
I have a WCF-BasicHTTP send port configuredas follows:
Security tab Security mode:Transport;
Transport client credential type: Certificate;
Client certificate: (thumbprint of our client cert);
Service certificate: (thumbprint of the service's public key cert).
General tab, Endpoint Identity: everything is left blank.
There is a send pipeline component that substitutes alternative endpoint addresses depending on the interaction type (all endpoints share the same base URL).
Recently, our trading partner has renewed their server certificate, and failed to notify us in advance. The send port continues working (good). However, the behaviour leads me to believe that even though BizTalk forced me to specify some service certificate thumbprint, the adapter then does not actually verify the service certificate thumbprint against what's set in the binding. I can't figure out if this is a bug or by design?
I am currently maintaining web applications available from a secure network. My users connect to the network within a VPN connection using L2TP/IPSec, to which they authenticate using their user id and password. When they access the web application, they also have to authenticate again with the same user id and password.
Since they have authenticated once to the VPN already, is it possible for the application to verify their authentication status and get their identity from the VPN?
Thank you!
It really depends on your VPN server and the capabilities of your web app. If your web app can access the VPN servers logs, current connections or API than yeah you might be able to set something up.
George
My application needs to access files from a remote FTPS or SFTP server depending on what my app user wants to connect to. I need to be able to access file content in a folder or create a folder.
1) What login properties differ for an FTPS and SFTP server that a user must enter?
2) Is there any way I can detect if it is an SFTP or FTPS server?
SFTP doesn't have any authentication. SFTP protocol is supposed to be used over SSH connection, thus it relies on SSH for authentication. So all authentication mechanisms of SSH apply. The list of such mechanisms is extensive - you can authenticate using password, a private key ("public-key authentication"), X.509 certificate (not a popular option), keyboard-interactive (challenge-response) dialog, also via GSS-API you can use Kerberos and possibly other mechanisms. FTPS as FTP-over-TLS can also use various mechanisms. FTP uses username/password by default, but potentially one can implement some tricky mechanisms using SITE command. TLS protocol includes client-side authentication using X.509 certificates, pre-shared symmetric keys, plain PKI keys, OpenPGP keys.
SFTP and FTP/FTPS are completely different protocols. Servers run on different ports. If you want to implement protocol autodetection, you can try the following: connect to the server, and if it sends a welcome SSH message within 200-500 ms, you know that it's an SSH (and potentially SFTP) server. If it sends a welcome FTP message, it's an FTP server (this includes explicit TLS mode of FTPS). If it sends nothing, then it can be a TLS server and you can have implicit FTPS over this connection.
We are migrating from a dedicated server with a local virtual SMTP server to Windows Azure. As far as I can tell Windows Azure does not allow a local SMTP server to be setup in IIS. The SMTP Server option in the management console is missing. How would I setup an email relay so that I can have a .net web application send emails from a Windows Server 2012 virtual machine in Azure?
This is more like corollary to what #mcollier has stated. Given that you are already on Azure and you get 25,000 free emails (there are higher plans as well) with your subscription as well.
You can configure a Virtual SMTP server which relays to the sendgrid services. For the development perspective you will have the view of using your own SMTP server / service. Setting up a sendgrid based service is explained in this link.
I have used sendgrid earlier and my experience with this was amazing. As #mcollier has pointed out, using services like Sendgrid will give good chance of staying away from spam problem, if you try to setup and use the SMTP service of your own because of the reverse lookup etc.
PS: The above Virtual SMTP Server can be replaced with Amazon SES, which is equivalently a good service. Check out more info here.
First, assuming you're using a Windows Azure IaaS VM. Correct? If so, I think you need to enable that role/feature in Windows Server.
Second, why the need to send emails from that specific server? Would a service like SendGrid work? One problem people sometimes have with email servers in Windows Azure is the domain of your service (something.cloudapp.net) does not match your vanity domain when a reverse DNS lookup is performed. This could cause the email to be flagged as spam (since you don't technically own the sending domain, something.cloudapp.net).
I developed an direct relay application using the normal RFC email commands and lock that on my application, but strange that some test emails get delivered using the relay on windows AZURE VM, and all other mails are not getting any bounce response, and making a sense that every email is being delivering,
This is strange behaviour on azure vm.
so it means you can't send email using azure vm as a smtp mail server, if like to test then simply download promailer marketing manager from jsmtp.com
I've noticed that it is possible SQL Server 2005/2008 to authenticate replication accounts using certificates. Is it possible to authenticate .NET SqlConnection in the same manor?
Ideally, I'd like to do away with password authentication completely and have the aspnet user connect using a certificate stored against its account.
Is this possible, and if so, how can this be done?
The only way to authenticate a TDS protocol connection (ie. a user connection) is using Windows authentication (NTLM/Kerberos) or SQL Authentication (user/password). Is not possible to authenticate TDS connections using certificates. Only Database Mirroring and Service Broker connections can authenticate using certificates.
What you probably noticed is the HTTPS authentication between IIS and a client that occurs in Web Based Replication. That is indeed certificate based authentication, but occurs between the client and IIS and SQL Server is not involve din any way in it.
You can configure ASP.NET to use client side certificates, see this KB article.
But the ASP.NET server does not have access to your client's certificate. So the ASP.NET server cannot authenticate to SQL Server with a certificate.