Close
HomeBizTalkWCF-Custom Send Port MutualSSL with WS-Security
BizTalk / Services (WCF/REST)

WCF-Custom Send Port MutualSSL with WS-Security

admin 2020 views

I had to define a WCF send port connecting to a service that used mutual SSL and Web Service Security. I had to use a WCF-Custom send port because the service was using Soap 1.1, not Soap 1.2. In the latter case I could have used a WCF-wsHttp binding.

Before creating the BizTalk send port, make sure the following prerequisites are set:
– The client certificate (with private key, i.e. pfx certificate) is installed in the LocalMachine / Personal Store.
– Right click the certificate. Select All Tasks / Manage Private Keys. Add te BizTalk Application Users group and give them full control rights. If you don’t perform this step, you might run into an error: System.ServiceModel.Security.SecurityNegotiationException: Could not establish secure channel for SSL/TLS with authority ‘generic-interface-huprd-ssl-route-hu.xpaas.caci.nl:8888’. —> System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.
– The server certificate (with public key, i.e. cer/crt certificate) is installed in the LocalMachine / Trusted People Store.

Now create a BizTalk sendport and select WCF-Custom.

Configure the WCF-Custom adapter:

General tab:

  • Address: https://…
  • BtsActionMapping: http://www.stichting-vera.nl/StUF/verticaal/woonruimteverdeling/0301/wrveenLk01 (in this case we only have one operation)
    Alternative:
    <BtsActionMapping xmlns:xsi=”http://www.w3.org/2001/XMLSchema-instance” xmlns:xsd=”http://www.w3.org/2001/XMLSchema”>
    <Operation Name=”SndWRVEenLk01″ Action=”http://www.stichting-vera.nl/StUF/verticaal/woonruimteverdeling/0301/wrveenLk01″ />
    </BtsActionMapping>

Binding tab:

  • Select Binding Type: customBinding
    Add the following extensions (in the prescribed order):

    • textMessageEncoding
      MessageVersion=Soap11
    • security
      AuthenticationMode: UserNameOverTransport
      DefaultAlgoritmSuite: Default
      MessageProtectionOrder: SignBeforeEncryptAndEncryptSignature
      IncludeTimeStamp = False
    • httpsTransport
      RequireClientCertificate=true
      AuthenticationScheme=Basic

Behavior tab:

  • Add EndpointBehavior ClientCredentials
    • ClientCertificate
      LocalMachine/My
      FindBySubjectName
      findValue: user@bedrijf.nl
    • Service certificate / Default certificate
      LocalMachine/TrustedPeople
      FindBySubjectName
      findValue: bedrijf.nl

Credentials tab:

  • Do not use single sign-on
    Enter the credentials as provided by the service provider

You Might Also Like