BizTalk Server advanced WCF custom binding techniques and challenges

Posted: March 13, 2017  |  Categories: Uncategorized

Working in a secure channel with SOAP and WCF can sometimes be a very complex activity.
BizTalk Server provides many adapters able to cover any requirement, and for very complex challenges we can use the WCF-Custom adapter to implement more complex and specific binding settings with very fine granularity.

You can download the entire article as a PDF document.
BizTalk Server Advanced WCF Custom Binding Techniques And Challenges

The biggest issues are normally related to the binding (security), customization and troubleshooting.

Binding

Sometimes we face very complex security challenges, and choosing a strategy that solves the challenge as quickly as possible is critical.

With a complex binding, the best strategy is to start with a .NET approach and switch to BizTalk afterwards.

A classic sample is shown below: mutual certificate authentication with SOAP 1.2 and TLS encryption against a Java service.

I see two main advantages in using the .NET configuration file approach:

  1. IntelliSense

Visual Studio provides very useful IntelliSense, which makes it easy to extend and change the binding and to test it quickly.

  2. Documentation and support

In a security challenge, being able to draw on resources from the web is crucial. Most of the documentation covers the WCF .NET approach, and you will find a lot of samples that use the Web.config or App.config file.
For that reason a .NET approach is faster and easier to use and test.

A binding section for mutual certificate authentication over TLS looks like this.

<bindings>
  <customBinding>
    <binding name="MyBinding">
      <!-- Message-level security: client and service authenticate with X.509 certificates -->
      <!-- enableUnsecuredResponse="true": the client accepts responses that carry no WS-Security header -->
      <security requireSignatureConfirmation="false"
                authenticationMode="MutualCertificate"
                enableUnsecuredResponse="true"
                allowSerializedSigningTokenOnReply="false"
                defaultAlgorithmSuite="Basic256Sha256"
                messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"
                securityHeaderLayout="Lax">
        <secureConversationBootstrap requireSignatureConfirmation="false" />
      </security>
      <textMessageEncoding messageVersion="Soap12" writeEncoding="utf-8"></textMessageEncoding>
      <!-- Transport-level security: HTTPS (TLS) -->
      <httpsTransport requireClientCertificate="true"
                      authenticationScheme="Negotiate"
                      useDefaultWebProxy="true"
                      manualAddressing="false" />
    </binding>
  </customBinding>
</bindings>


And below the behaviour section.

<behavior name="MyBehaviour">
  <clientCredentials>
    <clientCertificate findValue="mydomain.westeurope.cloudapp.azure.com" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />
    <serviceCertificate>
      <defaultCertificate findValue=" mydomain -iso-400" storeLocation="LocalMachine" storeName="TrustedPeople" x509FindType="FindBySubjectName" />
    </serviceCertificate>
  </clientCredentials>
</behavior>

When our tests pass and we are sure that everything is running, we can easily switch to BizTalk Server and create the custom bindings.

The WCF-Custom adapter in general provides the same sections. What we need to do is create a WCF-Custom adapter and a Static Solicit-Response Send Port; after that we can easily insert our bindings and behaviors.

For specific settings we can import the bindings as well. A great feature offered by BizTalk is the ability to import and export bindings; this way we can experiment quickly with any complex binding and import it into our WCF-Custom adapter afterwards.

 


Customization

Sometimes external services require very complex customization and we need to override protocol or messaging behaviour in the channel. For instance, some services don't accept the mustUnderstand attribute in the SOAP header, or we need to impersonate a specific user by certificate in the header, or just manage a custom SOAP header.
In my experience the best strategy is to develop the custom behaviour in a WCF .NET project. This is the fastest way to test the WCF behavior without having to manage GAC deployments, host instance restarts and so on.
When the WCF behavior works, we can easily configure it in the BizTalk port.

Using a .NET approach, we need to add the WCF behavior by reference.

Then we configure it in the .config file and test/debug it.

When everything is working, we can add the behavior to BizTalk by installing the component in the GAC and adding the behavior to the BizTalk port.
The WCF-Custom BizTalk Server adapter offers a very good level of customization through its bindings and behavior tabs.
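
As an added illustration of the procedure above (not configuration from the original article), this is how a custom behaviour is typically wired into the App.config of the .NET test project. The extension name, type, assembly, contract and address are hypothetical placeholders; MyBinding and MyBehaviour are the names used in the binding and behaviour sections above.

```xml
<system.serviceModel>
  <extensions>
    <behaviorExtensions>
      <!-- Hypothetical extension: a class deriving from BehaviorExtensionElement
           in the referenced project. Once the assembly is strong-named for the
           GAC, the PublicKeyToken here must match the signed assembly. -->
      <add name="customSoapHeader"
           type="Contoso.Wcf.CustomSoapHeaderElement, Contoso.Wcf.Behaviors, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
    </behaviorExtensions>
  </extensions>
  <behaviors>
    <endpointBehaviors>
      <behavior name="MyBehaviour">
        <!-- Certificates as in the behaviour section shown earlier -->
        <clientCredentials>
          <clientCertificate findValue="mydomain.westeurope.cloudapp.azure.com" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />
          <serviceCertificate>
            <defaultCertificate findValue=" mydomain -iso-400" storeLocation="LocalMachine" storeName="TrustedPeople" x509FindType="FindBySubjectName" />
          </serviceCertificate>
        </clientCredentials>
        <!-- The element name is the one registered under behaviorExtensions -->
        <customSoapHeader />
      </behavior>
    </endpointBehaviors>
  </behaviors>
  <client>
    <!-- Hypothetical address and contract; the customBinding named MyBinding
         lives in the <bindings> section of the same file -->
    <endpoint name="MyEndpoint"
              address="https://service.example.invalid/Service"
              binding="customBinding"
              bindingConfiguration="MyBinding"
              behaviorConfiguration="MyBehaviour"
              contract="Contoso.Contracts.IMyService" />
  </client>
</system.serviceModel>
```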

 

Troubleshooting

The most complex parts of this area are security and message inspection. I recommend two things for troubleshooting: first, Fiddler or Wireshark, and second, WCF logging. I recommend using them together, as they complement each other.

Fiddler is a very powerful free tool and easy to use: just run it.
With BizTalk Server we need to configure the framework to use Fiddler, and BizTalk offers several easy ways to do that.

On the port, if we want to affect that port only.

On the adapter host handler, if we want to affect all the artefacts under it.

For deeper sniffing, or when we need to capture Net.TCP or other protocols, I recommend Wireshark; it is a bit more complex to use, but it is the right tool.

To configure WCF logging, we simply add the section below to the BizTalk configuration file to affect BizTalk services only, to the machine.config file to affect all the services on the machine, or to the Web.config to affect a specific service.

<!-- DIAGNOSTICS -->
<system.diagnostics>
  <sources>
    <source name="System.ServiceModel.MessageLogging">
      <listeners>
        <add type="System.Diagnostics.DefaultTraceListener" name="Default">
          <filter type="" />
        </add>
        <add initializeData="c:\logs\messagesClient.svclog" type="System.Diagnostics.XmlWriterTraceListener" name="messages" traceOutputOptions="None">
          <filter type="" />
        </add>
      </listeners>
    </source>
    <source propagateActivity="true" name="System.ServiceModel" switchValue="Error,ActivityTracing">
      <listeners>
        <add type="System.Diagnostics.DefaultTraceListener" name="Default">
          <filter type="" />
        </add>
        <add name="ServiceModelTraceListener">
          <filter type="" />
        </add>
      </listeners>
    </source>
  </sources>
  <sharedListeners>
    <add initializeData="c:\logs\app_tracelogClient.svclog" type="System.Diagnostics.XmlWriterTraceListener, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" name="ServiceModelTraceListener" traceOutputOptions="Timestamp">
      <filter type="" />
    </add>
  </sharedListeners>
</system.diagnostics>
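
The section above only defines trace sources and listeners; WCF writes messages to the System.ServiceModel.MessageLogging source only when message logging is also switched on under system.serviceModel. The fragment below is an added example, not part of the original article, and its size limits are assumed values to adjust.

```xml
<system.serviceModel>
  <diagnostics>
    <!-- logMessagesAtServiceLevel: messages as they enter or leave user code,
         so message-level security is not applied yet (decrypted form).
         logMessagesAtTransportLevel: messages as encoded for the wire, with
         message-level security applied; TLS sits below this level, so HTTPS
         traffic is still readable in the log.
         logKnownPii="false" (the default): keys and known credentials are
         removed from the logged messages.
         maxMessagesToLog / maxSizeOfMessageToLog: assumed limits that keep
         the .svclog files from growing without bound. -->
    <messageLogging logEntireMessage="true"
                    logMalformedMessages="true"
                    logMessagesAtServiceLevel="true"
                    logMessagesAtTransportLevel="true"
                    logKnownPii="false"
                    maxMessagesToLog="500"
                    maxSizeOfMessageToLog="262144" />
  </diagnostics>
</system.serviceModel>
```

With logEntireMessage enabled, the .svclog files under c:\logs contain full SOAP bodies, so that folder should be readable only by the host instance account and the people doing the troubleshooting, and message logging should be switched off again once the issue is resolved.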

 

Author: Nino Crudele

Nino has deep knowledge and experience delivering world-class integration solutions using all Microsoft Azure stacks and Microsoft BizTalk Server, and he has delivered world-class integration solutions using and integrating many different technologies such as AS2, EDI, RosettaNet, HL7, RFID and SWIFT.

  • Hi Nino,
    great post, very useful and examples are very helpful.

    I have one question for that – what about connection to services like SalesForce with TLS 1.2 where we need to get security token first?
    I gave up on configuring send port and created own web service on IIS that gets the token and calls SalesForce, and from BizTalk I’m calling my service first.

    Best regards,
    Michał
    integrationexpert.net

  • David Grospelier

    Hi Nino,
    I have a question regarding the deployment of Behaviours / MessageInspectors, …
    We have 2 options to deploy them: put the configuration in the machine.config file or put the configuration in the WCF Extensions tab of the Receive or Send Handler.
    For these 2 options, none can be automatized via Release Management for example…. Do you know if we can do something about that?
    Thanks.

    David GROSPELIER (MiddleWay)
