将非BizTalk WCF配置转换为BizTalk WCF-Custom终结点 [英] Translate non-BizTalk WCF config into BizTalk WCF-Custom endpoint

问题描述

我有一个正在运行的BizTalk应用程序，该应用程序当前正在使用WCF-BasicHttp适配器.它目前仅使用具有UserName凭据类型的Message Security，并且一切正常.

I have a BizTalk app up and running that is currently using the WCF-BasicHttp Adapter. It's currently using only Message security using the UserName credential type and that is all working fine.

此后一切都发生了变化，我们现在需要在传输(IIS)级别接受客户端证书来授权服务，并且仍然继续使用消息安全性对服务进行身份验证.

Things have since changed, we are now required to accept Client Certificates at the Transport (IIS) level for authorization of the service and still continue to use Message security for authentication into the service.

经过大量的痛苦和搜索，我能够基于

After much pain and searching, I was able to get this to work in a NON-BizTalk WCF environment basing my config of bits of this this post and ended up with the following customBinding configuration:

<customBinding>
    <binding name="CustomCDARequestEndpointBinding">                    
      <textMessageEncoding messageVersion="Soap11" />
      <security authenticationMode="UserNameOverTransport" />
      <httpsTransport requireClientCertificate="true" />
    </binding>
  </customBinding>

这导致WCF客户端配置如下:

This resulted in a WCF client config like so:

<customBinding>
    <binding name="CDARequestEndpoint">
      <security defaultAlgorithmSuite="Default" authenticationMode="UserNameOverTransport"
        requireDerivedKeys="true" includeTimestamp="true" messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10">
        <localClientSettings detectReplays="false" />
        <localServiceSettings detectReplays="false" />
      </security>
      <textMessageEncoding messageVersion="Soap11" />
      <httpsTransport requireClientCertificate="true" />
    </binding>
  </customBinding>
</bindings>
<behaviors>
  <endpointBehaviors>
    <behavior name="ohBehave">
      <clientCredentials useIdentityConfiguration="false">
        <clientCertificate findValue="6D0DBF387484B25A16D0E3E53DBB178A366DA954" storeLocation="CurrentUser"
          x509FindType="FindByThumbprint" />
      </clientCredentials>
    </behavior>
  </endpointBehaviors>
</behaviors>  

这在NON-BizTalk环境中工作得很好，并且由于requreClientCertificate属性的缘故，似乎配置的关键部分是<httpsTransport requireClientCertificate="true" /> config元素.问题是，无论我如何尝试，都无法在BizTalk WCF-Custom/customBinding配置中找到类似的设置.我无法添加<httpsTransport>绑定元素扩展，因为它在BizTalk中作为on选项不存在

This works perfectly fine in a NON-BizTalk environment and it seems to be the critical piece of configuration is the <httpsTransport requireClientCertificate="true" /> config element because of the requreClientCertificate attribute. The problem is, no matter what I try, I cannot find a similar setting in the BizTalk WCF-Custom/customBinding configuration anywhere. I can't add the <httpsTransport> binding element extension because it doesnt' exist as on option in BizTalk

有人知道我在这里有什么选择吗?

Does anyone know what my options are here?

• 我可以直接编辑web.config吗?
• 是否可以添加另一个扩展以在BizTalk GUI中实现相同的效果?
• 我可以在业务流程中编写一些代码来按照我的建议手动设置接收位置吗?

推荐答案

由于WCF-BasicHttp适配器仅显示某些属性，因此无法将其用于您的目的.

Because the WCF-BasicHttp Adapter only surfaces certain properties, you can't use it for your purpose.

相反:

1. 从WCF自定义适配器开始
2. BindingType = customBinding
3. 删除httpTransport
4. 添加httpsTransport(然后您将看到requireClientCertificate)
5. 添加clientCredentials行为并在凭据"标签中设置选项和凭据.

这篇关于将非BizTalk WCF配置转换为BizTalk WCF-Custom终结点的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！