BizTalk and Enterprise Single Sign-On Best Practices? - biztalk

I developed a BizTalk 2010 application that receives files from a ftp server, elaborates these files and sends them to another ftp server.
About Receive step, authentication is made using ESSO. I created two Affiliate Application, one for each ftp server storing credentials.
In Send step I created a method in a C# class library that is responsible for SSO ticket issuing. So before the send shape, orchestration calls the IssueSSOTicket method that returns an SSO ticket and it attaches it to the message using BTS.SSOTicket context property.
Everything works fine, but sometimes I get the error: A message sent to adapter "FTP" on send port "SendPortName" with URI "ftp://[ipaddress]:[port]/[path]/%SourceFileName%" is suspended. Error details: A failure occurred when retrieving the SSO ticket.
Someone knows if there are some best practices in order to manage this scenario?
Thanks!
Massimo

If you can reproduce the problem locally, then you should be able to debug your custom assembly code that issues the SSO ticket by attaching to the BTSNTSvc process.
Here is a nifty post that describes how to attach Visual Studio's debugger to the BizTalk process and figure out which BizTalk process to attach to (if you have more than one): http://biztalkmessages.vansplunteren.net/2010/01/05/retrieve-the-btsntsvc-exe-pid-with-powershell/
If you can't do that, then how about posting the complete stack trace here?

Related

IIS Configuration for Rest Service Client

In Company where I work, we have an ASP.NET web application that is hosted on IIS server and binded already with CertificateA. This certificate is owned by the company.
There is another Company let say CompanyB that is providing some Rest API service based on paid subscription.
CompanyB provides subscribers with CertificateB and ask them to send CirtificateB along with the http request when invoking the Rest service.
We have subscribed and received a copy of the CertificateB.
We imported CertificateB on the server and uses Restsharp package from NuGet library to achieve the goal.
It works perfectly and get the proper response when I run the application from within Visual Studio.
However, when I publish it on IIS and run the application I am getting error says:
"The request was aborted: Could not create SSL/TLS secure channel."
Provided that both IIS and visual studio installed on the same machine.
As I said the binding of our web application is already using CertificateA.
Is there any configuration on IIS need to be done regarding CertificateB.
Thank u
I wish we get rid of this error
I got the issue resolved. All I have to do is to give the right permission to the application pool identity to be able to access the certificate.

Biztalk 2009: Redirect a message to a different web service

Current State: BizTalk receive message via Web Service A (hosted on the same machine). BizTalk process the message and send it to backend.
Future State: BizTalk still receive message via Web Service A. If a field inside the message matches a certain value, BizTalk needs to send the message to a different web service (Web Service) on another server. Else, proceed with existing flow.
BizTalk is required as a middleware between Application and Web Service B due to network connection. Server for Web Service B only accept TLS1.2 which Application Server yet to support.
Is it possible to reroute the message even before it enter the first orchestration?
Kindly provide best way to do it with detail guidance on changes required or point to existing question or documentation if any.
p/s: Newbie to BizTalk. Let me know if further information need to be provided.
Yes, quite possible
Promote the field that you wish to route on in the schema
Set the filter expressions on the send ports that look at this promoted property
Note: For TLS 1.2 you will need a Custom End Point behaviour on the send port to specify to use TLS 1.2.
As #Dijkgraaf says, you can use Promote field on the schema and then use filter expressions on the send ports to redirect the incoming message to the new Web Service B.
If you need an Orchestration to implement some process before send to the Web Service B, you can use Filter Expression property of the first Receive Shape, to catch the messages with the Promoted Property value that you need.

SignalR: Reply to Web Forms client on same machine as web application originating request

I'm looking for a way to support the following process:
Button is clicked in web application running on machine named PC1234.
Call is made to server (either the web server or an API on another server, it doesn't matter) to Do Something.
The server sends a notification to a Windows Forms client installed on PC1234 that the action is complete.
I've got the easy part working using SignalR. I can call a method on the web server and then send a notification with SignalR to ALL clients that the method has completed. The problem is notifying ONLY the client on the originating machine.
My initial plan was to include some unique identifying attribute of the machine with the call to the server which could then be used to direct the SignalR notification back to just that machine, but that doesn't seem to be possible.
An alternative idea was to have the call to the server include a unique reference and also update a file locally (i.e. a Cookie) with that reference, then have the client app poll the Cookie for new references and filter all SignalR messages received for that unique reference. This would be a bit clunky even if it worked, which it doesn't really, not least because I want this to work cross-browser, and different browsers store cookies in different places.
Ultimately this is to support printing locally and silently from a web application. The user selects a document in the web application, hits a print button, the request is sent to the server which retrieves the document from the database, saves it to a network share and sends a notification to a client app on the machine from which the print request was generated. The client app then prints the document from the network share and deletes it.
I never found a way to do exactly what I described in my question, but I came up with an alternative which worked well enough.
In both my web application and my Windows Forms client, the user was logged in with the same Windows credentials. I was therefore able to have the server respond to the button click in the web application by broadcasting a SignalR message to all SignalR clients where the same user was logged in, using
Clients.User(userId).send(message)
See this article for more detailed examples and instructions.
In my Windows Forms client, I included code to track how many instances of the client were connected to the SignalR Hub with the same user credentials and code to handle the receipt of a SignalR message from the server when multiple client instances were connected with the same user details (in my case, this meant displaying a message saying something like "You've requested a print from the web application but you're logged in at multiple workstations. Do you want the document to print here?").

Consume java web service from .NET Web Service and/or asp.net web application

I'm trying to consume a Java Web Service from third party, so i dont have any control over it. I have a pfx file which is password protected, and i installed it in my development box.
This is the code i'm using:
var proxy = new MyServiceReference.WsaaServerBeanService();
var result = proxy.login("test");
I'm getting System.Net.Sockets.SocketError.TimedOut exception when invoking the login web method. The first thing that come to my mind is an authentication issue. Apart from installing the pfx, do i need to send some other info to the web server to authenticate?
System.Net.Sockets.SocketError.TimedOut
Does not indicate an authentication issue, it indicates that you either are not able to contact the remote web service endpoint, or you are and the service is taking too long to respond. Make sure you can actually hit the endpoint from your machine via telnet, a web browser etc...
Authentication failures will usually return immediately.

Web service scenario in BizTalk server

I am new to BizTalk server and I want to know that is it possible to communicate with bizTalk like a web server? My scenario is like this.
I have a application in silverlight that will send request to biztalk (web service or http) with some parameter, biztalk will send that request to third party web service, third party web service will give response to Biztalk, this response will be sent back to my silverlight application.
Is this possible? if yes can anybody give me an article that help in creating this type of application.
Yes - Use the SOAP adapter and a web service port
Service Station from MS
You will need to create an orchestration and a map (if the schema are different between the 2 services) to handle the actual passing of Messages between the 2 web services.
First Steps in Orchestrations
Creating Maps in BizTalk
and a good guide and tutorial for Webservices here
Calling biztalk webservice from Silverlight
http://weblogs.asp.net/jgalloway/archive/2007/06/14/calling-an-asmx-webservice-from-silverlight-use-a-static-port.aspx
Yes. You can set up an HTTP Receive Port and handle straight XML messages from SilverLight and then pass back whatever message SilverLight requires (be sure to use a 2-Way Receive/Send Port). The bigger question here is why? Why not talk to the far end web service directly from SilverLight? Is BizTalk adding any value here? Are you including BizTalk as an abstractionlayer for future functionality? Is BizTalk some how enriching the messages?
My questions are the same as ChrisLoris.. Why use Biztalk here? If its just to call Service A and then B and deliver information back to the silverlight app, I would rather create acustom .net .dll to handle it. If you really want to have a workflow you can use WorkflowFoundation..
I found the solution for this problem. You need to install the certificate in the user store of the user under which biztalk host instance is running and also grant access to private key of the certificate using winhttpcertcfg tool.
1)Open the mmc using runas /user:<> mmc
and import the certificate into the user store.
2)winhttpcertcfg -g -c LOCAL_MACHINE\My -s <> -a <>
These two steps should do the trick.

Resources