如何安全设置SB消息传递适配器凭据? [英] How can I set SB-Messaging adapter credentials securely?
问题描述
我正在开发一种解决方案,其中涉及使用BizTalk SB-Messaging适配器从Azure服务总线队列中读取消息.我正在使用BizTalk部署框架在没有用户输入的情况下部署应用程序.
I am developing a solution which involves reading messages from an Azure service bus queue using the BizTalk SB-Messaging adapter. I am using the BizTalk Deployment Framework to deploy the application without user input.
某些适配器可以选择使用单点登录"数据库来获取外部系统的凭据(选项使用SSO"). SB-消息传递适配器不具有此功能,并且要求在UI中输入该服务的ACS(访问控制服务)或SAS(共享访问密码)凭据(在这种情况下为队列). BTDF也可以通过在绑定文件中输入它们来设置它们(这些特殊属性vt="[number]"上有一个属性,除非覆盖,否则它们将被忽略,这可能会阻止开发人员以明文形式存储凭据.
Some adapters have an option to acquire credentials for external systems using the Single Sign-On database (option 'Use SSO'). The SB-Messaging adapter doesn't have this feature, and requires that either ACS (Access Control Service) or SAS (Shared Access Secret) credentials for the service (in this case a queue) are entered in the UI. BTDF can also set them by entering them in the binding file (there is an attribute on those particular properties vt="[number]" which causes them to be ignored unless overriden, presumably to discourage the developer from storing credentials in cleartext.
如何在不以明文形式保存服务总线凭据的情况下进行设置?对于这种情况,我认为任何写入磁盘或保留在源代码管理中的数据都是明文,这意味着创建包含这些凭据的绑定文件是不可接受的.
How can I set the service bus credentials without them being kept in cleartext? For this scenario I consider any data written to disk or kept in source control to be cleartext, which means creating a bindings file containing these credentials is not acceptable.
理想情况下,我希望它能够以与支持SSO的适配器相同的方式工作.这可能吗?
I would ideally like this to just work, in the same way as the adapters which do support SSO. Is this possible?
(顺便说一句,欢迎任何知道Microsoft为什么显然不愿意执行此操作的人发表意见)
(As an aside, anyone who knows why Microsoft apparently didn't bother to implement this would be welcome to air their views)
推荐答案
是的,大多数适配器都支持SSO关联应用程序或对用户名凭据使用单一登录,但是它们都不支持 ACS , SAS 或代理设置(请参见下表)
Yes the majority of the Adapters support SSO Affiliate applications or Use Single Sign-On for User Name credentials, however none of them support SSO Affiliate for ACS, SAS or for Proxy settings (see table below)
似乎不支持用户名"凭据的SSO附属设置的是旧适配器,而奇怪的是最新的适配器.
It seems the ones that don't support SSO Affiliate settings for the User Name credential are either the very old adapters, and strangely enough the newest ones.
没有ACS,SAS或Proxy设置的SSO会员设置,这似乎是他们根本没有想到的事情.
Not having the SSO Affiliate settings for ACS, SAS or Proxy settings would look to be something they just didn't think about doing.
所以回答您的问题.不,似乎无法与此适配器一起使用SSO Affiliate,因为您甚至没有像使用WCF适配器那样可以选择添加自定义行为,这就是我们实现oAuth行为以使用SSO的方式会员获取凭证& WCF-WebHttp发送给Salesforce的秘密.
So to answer your question. No, it does not look to be possible to use SSO Affiliate with this adapter as you don't even have the option of adding a custom behavior as you can do with the WCF adapters, which is how we implemented a oAuth behavior to use SSO Affiliates to get the credentials & secrets for a WCF-WebHttp to Salesforce.
另请参见 BizTalk Server 2013 R2:没有单一登录功能的适配器和 使用单一登录或SSO关联(BizTalk 2013R2)
+---------------------+---------+-------------+-------+-------+---------------+-------------+-------+-------+---------------+
| Adapter | Receive | | | | | Send | | | |
+---------------------+---------+-------------+-------+-------+---------------+-------------+-------+-------+---------------+
| | Use | SSO | ACS/ | Proxy | Endpoint | SSO | ACS/ | Proxy | Endpoint |
| | SSO | Affiliate | SAS | | Behaviour | Affiliate | SAS | | Behaviour |
+---------------------+---------+-------------+-------+-------+---------------+-------------+-------+-------+---------------+
| File | No | No | - | - | - | No | - | - | - |
+---------------------+---------+-------------+-------+-------+---------------+-------------+-------+-------+---------------+
| FTP | No | Yes | - | No | - | Yes | - | No | - |
+---------------------+---------+-------------+-------+-------+---------------+-------------+-------+-------+---------------+
| HTTP | Yes | - | - | - | - | Yes | - | No | - |
+---------------------+---------+-------------+-------+-------+---------------+-------------+-------+-------+---------------+
| MQSeries | No | - | - | - | - | Yes | - | - | - |
+---------------------+---------+-------------+-------+-------+---------------+-------------+-------+-------+---------------+
| MSMQ | No | No | - | - | - | No | - | - | - |
+---------------------+---------+-------------+-------+-------+---------------+-------------+-------+-------+---------------+
| POP3 | No | No | - | - | - | - | - | - | - |
+---------------------+---------+-------------+-------+-------+---------------+-------------+-------+-------+---------------+
| SB-Messaging | No | - | No | - | - | - | No | - | - |
+---------------------+---------+-------------+-------+-------+---------------+-------------+-------+-------+---------------+
| SFTP | No | No | - | No | - | No | - | No | - |
+---------------------+---------+-------------+-------+-------+---------------+-------------+-------+-------+---------------+
| SMTP | - | - | - | - | - | No | - | - | - |
+---------------------+---------+-------------+-------+-------+---------------+-------------+-------+-------+---------------+
| SOAP | Yes | - | - | - | - | Yes | - | No | - |
+---------------------+---------+-------------+-------+-------+---------------+-------------+-------+-------+---------------+
| SQL | No | No | - | - | - | No | - | - | - |
+---------------------+---------+-------------+-------+-------+---------------+-------------+-------+-------+---------------+
| WCF-BasicHttp | Yes | - | - | - | in WCF-Custom | Yes | No | No | in WCF-Custom |
+---------------------+---------+-------------+-------+-------+---------------+-------------+-------+-------+---------------+
| WCF-BasicHttpRelay | No | - | No | - | No | Yes | No | No | No |
+---------------------+---------+-------------+-------+-------+---------------+-------------+-------+-------+---------------+
| WCF-Custom | Yes | Yes | - | - | Yes | Yes | No | No | Yes |
+---------------------+---------+-------------+-------+-------+---------------+-------------+-------+-------+---------------+
| WCF-CustomIsolated | Yes | Yes | - | - | - | - | - | - | - |
+---------------------+---------+-------------+-------+-------+---------------+-------------+-------+-------+---------------+
| WCF-NetMsmq | - | - | - | - | in WCF-Custom | Yes | - | - | in WCF-Custom |
+---------------------+---------+-------------+-------+-------+---------------+-------------+-------+-------+---------------+
| WCF-NetNamedPipe | Yes | - | - | - | in WCF-Custom | - | - | - | in WCF-Custom |
+---------------------+---------+-------------+-------+-------+---------------+-------------+-------+-------+---------------+
| WCF-NetTcp | Yes | - | - | - | in WCF-Custom | Yes | - | - | in WCF-Custom |
+---------------------+---------+-------------+-------+-------+---------------+-------------+-------+-------+---------------+
| WCF-NetTcpRelay | No | - | No | - | - | Yes | No | - | No |
+---------------------+---------+-------------+-------+-------+---------------+-------------+-------+-------+---------------+
| WCF-OracleDB | Yes | Yes | - | - | Yes | Yes | - | No | Yes |
+---------------------+---------+-------------+-------+-------+---------------+-------------+-------+-------+---------------+
| WCF-OracleEBS | Yes | Yes | - | - | Yes | Yes | - | No | Yes |
+---------------------+---------+-------------+-------+-------+---------------+-------------+-------+-------+---------------+
| WCF-SQL | Yes | Yes | - | - | Yes | Yes | - | No | Yes |
+---------------------+---------+-------------+-------+-------+---------------+-------------+-------+-------+---------------+
| WCF-WebHttp | Yes | - | - | - | Yes | Yes | No | No | Yes |
+---------------------+---------+-------------+-------+-------+---------------+-------------+-------+-------+---------------+
| WCF-WSHttp | Yes | - | - | - | in WCF-Custom | Yes | No | No | in WCF-Custom |
+---------------------+---------+-------------+-------+-------+---------------+-------------+-------+-------+---------------+
| Windows | No | No | - | - | - | No | - | - | - |
| Sharepoint Server | | | | | | | | | |
+---------------------+---------+-------------+-------+-------+---------------+-------------+-------+-------+---------------+
这篇关于如何安全设置SB消息传递适配器凭据?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
