I had to define a WCF send port connecting to a service that used mutual SSL and Web Service Security. I had to use a WCF-Custom send port because the service was using SOAP 1.1, not SOAP 1.2. In the latter case I could have used a WCF-wsHttp binding.
Before creating the BizTalk send port, make sure the following prerequisites are set:
– The client certificate (with private key, i.e. pfx certificate) is installed in the LocalMachine / Personal Store.
– Right-click the certificate. Select All Tasks / Manage Private Keys. Add the BizTalk Application Users group and give them full control rights. If you don't perform this step, you might run into an error: System.ServiceModel.Security.SecurityNegotiationException: Could not establish secure channel for SSL/TLS with authority 'generic-interface-huprd-ssl-route-hu.xpaas.caci.nl:8888'. ---> System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.
– The server certificate (with public key, i.e. cer/crt certificate) is installed in the LocalMachine / Trusted People Store.
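A read-only check of the three prerequisites above, as an added PowerShell example that is not part of the original post. It assumes .NET Framework 4.6 or later, an RSA client key, the subject names used as findValue on the Behavior tab, and the default group name; the subject names and the group are parameters.

```powershell
# Added example (not from the original post). Run elevated on the BizTalk server.
# Assumptions: RSA client key; subject names are the findValue entries from the
# Behavior tab; group name is the default 'BizTalk Application Users'.
param(
    [string]$ClientSubject = 'user@bedrijf.nl',
    [string]$ServerSubject = 'bedrijf.nl',
    [string]$Group         = 'BizTalk Application Users'
)

function Find-Cert([string]$StoreName, [string]$Subject) {
    # Same lookup the adapter is configured with: FindBySubjectName is a
    # substring match, so more than one hit makes the lookup ambiguous.
    $loc   = [System.Security.Cryptography.X509Certificates.StoreLocation]::LocalMachine
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store($StoreName, $loc)
    $store.Open('ReadOnly')
    try { $store.Certificates.Find('FindBySubjectName', $Subject, $false) }
    finally { $store.Close() }
}

function Get-KeyFile($Cert) {
    # Resolve the machine key container file so its ACL can be inspected.
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($Cert)
    if (-not $rsa) { return }
    if ($rsa -is [System.Security.Cryptography.RSACng]) { $name = $rsa.Key.UniqueName }
    else { $name = $rsa.CspKeyContainerInfo.UniqueKeyContainerName }
    'RSA\MachineKeys', 'Keys' |
        ForEach-Object { Join-Path "$env:ProgramData\Microsoft\Crypto\$_" $name } |
        Where-Object { Test-Path $_ } | Select-Object -First 1
}

$client = @(Find-Cert 'My' $ClientSubject)
$server = @(Find-Cert 'TrustedPeople' $ServerSubject)
$checks = [ordered]@{
    'One client certificate in LocalMachine\My'            = ($client.Count -eq 1)
    'One server certificate in LocalMachine\TrustedPeople' = ($server.Count -eq 1)
}
if ($client.Count -eq 1) {
    $now  = Get-Date
    $read = [System.Security.AccessControl.FileSystemRights]::Read
    $file = if ($client[0].HasPrivateKey) { Get-KeyFile $client[0] }
    # Direct ACEs only; access granted through another group is not detected.
    $aces = if ($file) { (Get-Acl $file).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and $_.IdentityReference.Value -like "*\$Group" -and
        ($_.FileSystemRights -band $read) -eq $read } }
    $checks['Client certificate has a private key']  = $client[0].HasPrivateKey
    $checks['Client certificate is currently valid'] = ($client[0].NotBefore -le $now -and $client[0].NotAfter -gt $now)
    $checks["'$Group' can read the private key"]     = [bool]$aces
}
$checks.GetEnumerator() | ForEach-Object { '{0,-5}{1}' -f $(if ($_.Value) { 'OK' } else { 'FAIL' }), $_.Key }
```

The script changes nothing on the machine; it prints one OK or FAIL line per prerequisite.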
Now create a BizTalk send port and select WCF-Custom.
Configure the WCF-Custom adapter:
General tab:
- Address: https://…
- BtsActionMapping: http://www.stichting-vera.nl/StUF/verticaal/woonruimteverdeling/0301/wrveenLk01 (in this case we only have one operation)
Alternative:
<BtsActionMapping xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <Operation Name="SndWRVEenLk01" Action="http://www.stichting-vera.nl/StUF/verticaal/woonruimteverdeling/0301/wrveenLk01" />
</BtsActionMapping>
Binding tab:
- Select Binding Type: customBinding
- Add the following extensions (in the prescribed order):
  - textMessageEncoding
    MessageVersion=Soap11
  - security
    AuthenticationMode: UserNameOverTransport
    DefaultAlgorithmSuite: Default
    MessageProtectionOrder: SignBeforeEncryptAndEncryptSignature
    IncludeTimestamp = False
  - httpsTransport
    RequireClientCertificate=true
    AuthenticationScheme=Basic
Behavior tab:
- Add EndpointBehavior ClientCredentials
  - ClientCertificate
    LocalMachine/My
    FindBySubjectName
    findValue: user@bedrijf.nl
  - Service certificate / Default certificate
    LocalMachine/TrustedPeople
    FindBySubjectName
    findValue: bedrijf.nl
Credentials tab:
- Do not use single sign-on
- Enter the credentials as provided by the service provider