BizTalk sending custom WCF headers with message level security - biztalk

I'm attempting to have BizTalk broker the communication to a WCF service that maps some of its data within the response message's header and not the body portion. After researching, the solution was to write the header data to the OutboundCustomHeaders message context property and then the BizTalk WCF adapter will inject it into the outgoing message. This worked perfectly until I enabled message level security using a certificate. In this case, the header still gets included within the response message but AFTER the message is encrypted. This causes the receiving client to throw a MessageSecurityException with the message 'required message part was not encrypted'.
Is there a way to configure BizTalk to write the OutboundCustomHeaders before encryption occurs or another way to inject my header in the response?
I'm not sure how much it helps or complicates the answer, but the receive location in BizTalk is using the ws2007HttpRelayBinding to create an Azure endpoint for the client connections.

The solution for this problem was found by creating a custom behavior that adds the required header to the channel protection requirements and attaching it to the ws2007HttpRelayBinding.
I used the following link as a reference to my solution: WCF custom messages security
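As an added illustration of the accepted approach (this is not the original poster's code, nor the code from the linked article), below is what such an endpoint behavior looks like. It assumes the receive location runs on the WCF-Custom adapter so that an endpoint behavior can be attached through the Behavior tab; the header local name, namespace and the extension element name are placeholders and must match exactly what is written into OutboundCustomHeaders.

```csharp
// Added example, not the answer's own code. A WCF endpoint behavior that declares a
// custom SOAP header as a message part that must be signed and encrypted, so the
// security channel protects it together with the body instead of appending it in
// clear text after encryption. Header name/namespace are placeholders.
using System;
using System.Configuration;
using System.ServiceModel.Channels;
using System.ServiceModel.Configuration;
using System.ServiceModel.Description;
using System.ServiceModel.Dispatcher;
using System.ServiceModel.Security;
using System.Xml;

public class ProtectCustomHeaderBehavior : IEndpointBehavior
{
    private readonly XmlQualifiedName _header;

    public ProtectCustomHeaderBehavior(string localName, string ns)
    {
        _header = new XmlQualifiedName(localName, ns);
    }

    // Runs while the channel stack is being built; this is the point at which the
    // security binding element still picks up protection requirements.
    public void AddBindingParameters(ServiceEndpoint endpoint, BindingParameterCollection bindingParameters)
    {
        var requirements = bindingParameters.Find<ChannelProtectionRequirements>();
        if (requirements == null)
        {
            requirements = new ChannelProtectionRequirements();
            bindingParameters.Add(requirements);
        }

        // Only the named header; the body is not part of this specification.
        var headerPart = new MessagePartSpecification(_header);

        // "*" applies to every SOAP action. On a receive location the response is the
        // outgoing message, which is the one the client rejected in the question.
        requirements.OutgoingSignatureParts.AddParts(headerPart, "*");
        requirements.OutgoingEncryptionParts.AddParts(headerPart, "*");

        // If the client sends the same header in the request, require protection on
        // the incoming side as well:
        // requirements.IncomingSignatureParts.AddParts(headerPart, "*");
        // requirements.IncomingEncryptionParts.AddParts(headerPart, "*");
    }

    public void ApplyClientBehavior(ServiceEndpoint endpoint, ClientRuntime clientRuntime) { }
    public void ApplyDispatchBehavior(ServiceEndpoint endpoint, EndpointDispatcher endpointDispatcher) { }
    public void Validate(ServiceEndpoint endpoint) { }
}

// Configuration element so the behavior can be selected in the WCF-Custom adapter's
// Behavior tab (or declared in machine.config) with the header as parameters.
public class ProtectCustomHeaderBehaviorExtension : BehaviorExtensionElement
{
    [ConfigurationProperty("headerName", IsRequired = true)]
    public string HeaderName
    {
        get { return (string)this["headerName"]; }
        set { this["headerName"] = value; }
    }

    [ConfigurationProperty("headerNamespace", IsRequired = true)]
    public string HeaderNamespace
    {
        get { return (string)this["headerNamespace"]; }
        set { this["headerNamespace"] = value; }
    }

    public override Type BehaviorType
    {
        get { return typeof(ProtectCustomHeaderBehavior); }
    }

    protected override object CreateBehavior()
    {
        return new ProtectCustomHeaderBehavior(HeaderName, HeaderNamespace);
    }
}
```

To use it from BizTalk, GAC the assembly and register the extension under system.serviceModel/extensions/behaviorExtensions in both the 32-bit and 64-bit machine.config, then add it as an endpoint behavior on the receive location. To confirm the fix, enable WCF message logging at the transport level (logMessagesAtTransportLevel) and check that the custom header now appears as EncryptedData in the logged response rather than as plaintext after it.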

Related

how to fix the bug found during SOAPUI security testing

I was doing automation testing on my web application with SOAPUI and found a bug, which is HTTP method fuzzing. Basically it means: "HTTP Method Fuzzing
An HTTP Method Fuzzing Scan attempts to use other HTTP verbs (methods) than those defined in an API. For instance, if you have defined GET and POST, it will send requests using the DELETE and PUT verbs, expecting an appropriate HTTP error response and reporting alerts if it doesn't receive it.
Sometimes, unexpected HTTP verbs can overwrite data on a server or get data that shouldn't be revealed to clients."
Does anyone know how I can solve this issue, or how I can block HTTP requests other than GET or POST, which may remove this bug?
I am using Node.js and express for my web application.
Please check the images:
Image 1
Image 2

Automatically adding custom header to message based on request scope

RequestClients in my ApiGateway are injected (using default MS DI) in HTTP request handlers (in those handlers I have access to the current request scope). What I want is to automatically, for each RequestClient, add a custom message header where I could put some data from the request scope. The use case is to take the JWT from the request and add it to the message as a custom header. Then on the consumer side I need, for each received request, to check that custom header, verify the JWT, and add some data from it to the consumed request scope so I could access for example IUserContext or something like that. I want to avoid manually adding the JWT to the message contract, for example.
How I can configure MassTransit on Client and Consumer side to achieve what I want? I already read docs about middleware and pipes and observers but still I can't figure it out...
Using RabbitMQ transport.
So, this is pretty complicated to put into a post, so I created a complete sample that shows how to use MassTransit Scoped Filters.
In this sample, an action filter is registered with the controllers to automatically extract the Token header and store it so that it can be used when publishing or sending messages from a controller. The MassTransit filters are configured on the bus, so they're available to all receive endpoints.
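As an added illustration of the filter approach described in the answer (this is not the answer's linked sample and not MassTransit's own code), here is a pair of scoped filters in the MassTransit 7 (GreenPipes) API: a send filter that copies the bearer token of the current HTTP request onto every outgoing message, and a consume filter that validates it before the consumer runs and publishes the resulting principal into a scoped IUserContext. It assumes UseSendFilter/UseConsumeFilter registration with the bus registration context, System.IdentityModel.Tokens.Jwt for validation, and a TokenValidationParameters instance already registered in DI; the header name, IUserContext, PlaceOrder and OrderConsumer are placeholders.

```csharp
// Added example, not the answer's sample. Assumptions: MassTransit 7 with GreenPipes,
// System.IdentityModel.Tokens.Jwt, TokenValidationParameters registered in DI.
// TokenHeader.Name, IUserContext, PlaceOrder and OrderConsumer are placeholders.
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Threading.Tasks;
using GreenPipes;
using MassTransit;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;

public static class TokenHeader { public const string Name = "X-Jwt"; } // placeholder

// Scoped per consume; the filter fills it, the consumer reads it.
public interface IUserContext { ClaimsPrincipal Principal { get; set; } }
public class UserContext : IUserContext { public ClaimsPrincipal Principal { get; set; } }

// Producer side: runs for every Send() made inside an HTTP request scope.
public class TokenSendFilter<T> : IFilter<SendContext<T>> where T : class
{
    private readonly IHttpContextAccessor _http;
    public TokenSendFilter(IHttpContextAccessor http) { _http = http; }

    public Task Send(SendContext<T> context, IPipe<SendContext<T>> next)
    {
        string auth = _http.HttpContext?.Request.Headers["Authorization"];
        if (!string.IsNullOrEmpty(auth) && auth.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase))
            context.Headers.Set(TokenHeader.Name, auth.Substring("Bearer ".Length));
        return next.Send(context);
    }

    public void Probe(ProbeContext context) => context.CreateFilterScope("tokenSend");
}

// Consumer side: validate signature, expiry, issuer and audience before the consumer
// sees the message. Throwing here faults the message (subject to the retry policy).
public class TokenConsumeFilter<T> : IFilter<ConsumeContext<T>> where T : class
{
    private readonly IUserContext _user;
    private readonly TokenValidationParameters _validation;
    public TokenConsumeFilter(IUserContext user, TokenValidationParameters validation)
    { _user = user; _validation = validation; }

    public Task Send(ConsumeContext<T> context, IPipe<ConsumeContext<T>> next)
    {
        if (!context.Headers.TryGetHeader(TokenHeader.Name, out object raw) || !(raw is string token))
            throw new UnauthorizedAccessException("message carries no " + TokenHeader.Name + " header");
        // Throws a SecurityTokenException on a bad signature, expired token, wrong issuer or audience.
        _user.Principal = new JwtSecurityTokenHandler().ValidateToken(token, _validation, out _);
        return next.Send(context);
    }

    public void Probe(ProbeContext context) => context.CreateFilterScope("tokenConsume");
}

public class PlaceOrder { public string Sku { get; set; } } // placeholder message contract

public class OrderConsumer : IConsumer<PlaceOrder>
{
    private readonly IUserContext _user;
    public OrderConsumer(IUserContext user) { _user = user; }

    public Task Consume(ConsumeContext<PlaceOrder> context)
    {
        // "sub" is mapped to NameIdentifier by JwtSecurityTokenHandler's default inbound claim map.
        string subject = _user.Principal.FindFirst(ClaimTypes.NameIdentifier)?.Value;
        // ... handle context.Message.Sku on behalf of subject ...
        return Task.CompletedTask;
    }
}

public static class BusSetup
{
    public static void Configure(IServiceCollection services)
    {
        services.AddHttpContextAccessor();
        services.AddScoped<IUserContext, UserContext>();
        services.AddMassTransit(x =>
        {
            x.AddConsumer<OrderConsumer>();
            x.UsingRabbitMq((context, cfg) =>
            {
                // Bus-level filters, so every receive endpoint gets the consume filter.
                cfg.UseSendFilter(typeof(TokenSendFilter<>), context);
                cfg.UseConsumeFilter(typeof(TokenConsumeFilter<>), context);
                cfg.ConfigureEndpoints(context);
            });
        });
    }
}
```

Publish() goes through a separate pipe, so a publish filter implementing IFilter<PublishContext<T>> has to be registered with UsePublishFilter in the same way. Two caveats a practitioner should weigh: the token sits in the RabbitMQ message headers, readable by anyone with broker access and visible in dead-letter or error queues, and a message consumed after a retry or a backlog may carry a token that has since expired, which this filter rejects rather than honouring.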

In BizTalk 2013 R2, how to create response schema of web api as I need this response in BizTalk orchestration to update some tables in database

In BizTalk 2013 R2, I want to POST a JSON request/string to a web API. I used the WCF-WebHttp adapter and the JSON decoder/encoder pipeline to create a JSON request. But I am unable to find how to create the response schema, as I need this response in a BizTalk orchestration to update some tables in a database. Has anyone worked on it?
As stated in the comments.
1) Capture the JSON response by initially setting the inbound pipeline to PassThru.
2) Have a Send Port subscribing to the response from the send port and write it to a file.
3) Use the JSON wizard to create a schema from the response file.
4) Deploy the response schema to BizTalk.
5) Change the inbound pipeline to a custom pipeline with the JSON Decoder.
To capture the HTTP status from the REST service, see this article: BizTalk Server: REST Services Error Handling. It involves creating a custom service behavior to capture the HTTP status and inject it into the message context property.

Timeout in two-way receive port when redirecting failed messages

I have a two-way WCF receive port, where I've checked both:
1) Route failed messages
2) Suspend request message on failure
This configuration is needed to redirect failed messages to our "exception portal".
When a message is received and it fails validation in the XMLReceive pipeline, the message is redirected to our "exception portal" as expected.
The problem is, however, that the consumer of the WCF service never gets a fault, so the connection gets a timeout after a while, which is very confusing for the consumer.
Is there any way to fix this problem? Am I missing something?
What's happening currently is that the message fails on the Receive pipeline, gets routed to your portal, but no response gets routed back. You have to make sure to send a message back. You could do that by:
creating an Orchestration that does the validation (instead of doing it on the pipeline), and making sure to send a response in the orchestration as well as routing failures to your portal
creating a custom component that validates the message (perhaps by calling the XML Validation pipeline in a try block and catching the exception without rethrowing it); on error it sends the message to your portal, and replaces pInMsg with something sensible to send back to the partner.
having your portal receive location be a request response port (perhaps, again, with an orchestration behind it), and route the response back to the WCF two way port. This way is more involved, and to be honest I'm not entirely sure what a working implementation would look like here, but it may be possible.
If it were up to me, I'd go for the Orchestration. You can certainly call the XML Validator pipeline from an orchestration, or you could use other validation logic in there (for example calling BRE).

webMethods pub.client.http throws error on 401

I am using webMethods from SAG and it seems that the service pub.client.http throws an exception on status code 401 "Unauthorized".
This leads me to the problem that I cannot handle the status code because nothing is written to the pipeline.
getLastError does contain the string "Unauthorized" but not the status code.
Except that I do not want to start parsing exception messages...
Any ideas?
The output parameter header from the pub.client.http call should contain the information you're after:

header         Document  Conditional. HTTP response headers.
  Key            Type      Description
  lines          Document  Fields in the response header, where key names represent field names and values represent field values.
  status         String    HTTP status code of the response.
  statusMessage  String    HTTP status message of the response.
See the webMethods Integration Server Built-In Services Reference page 122 for more details.
Asked a SAG senior consultant.
This is the normal behavior.
There is no flag which you can set to enforce suppression of this exception...
You can suppress the exception and have the HTTP 401 status returned like any other HTTP response. Go to the IS Admin Extended Settings and set:
watt.net.http401.throwException=false
Note this is a server-wide setting, so it will affect all your applications/services that use pub.client:http.
According to the comment from Hugo Ferreira, there are probably ACL restrictions, either inside your webMethods environment or on your client URLs.
Things you should consider:
Is your webMethods server located inside a closed environment where it needs to go through a proxy for outgoing requests? You can investigate this by running a web browser directly on your wM server against the URL address (in my case I used SSH to run Firefox, and a popup appeared).
The endpoint your request goes to uses HTTP authentication for requests.
Solution
To get past this, all you need to do is supply the auth user/password or any other auth mechanism (i.e. Kerberos, token, etc.) inside the pub.client:http call.