BizTalk Server Orchestration - custom UsernameToken in SecurityHeaders with Biztalk WSE Adapter


Author custom UsernameToken in SecurityHeaders with Biztalk WSE Adapter
asanford

2005-10-24, 10:32 am

Hello,

I am trying to create a Biztalk 2004 Orchestration that consumes a WSE
2.0-enabled web service that utilizes WS-Security's UsernameToken. I am able
to successfully do this using the Biztalk WSE 2.0 Adapter, if I configure the
policy in the schema generation wizard to specify signing the message with a
UsernameToken, and then configure the send port to sign with a UsernameToken.
This all works, but it is not really what I want to do. I have the
following questions:

1) Instead of having the send port add the UsernameToken, how can I create
one myself in the orchestration? According to the BT WSE adapter doc, it says
that I can add a token to the SecurityHeaders context property:

WSE Send Adapter
Request message - BizTalk Adapter for WSE can use any security tokens that
are contained in this context property when you create the SOAP request for
the Web service call. The security policy determines which tokens are used in
BizTalk Adapter for WSE.

I haven't yet been able to get this to work; I've tried the following
code in a message assignment block:

g_h1 = "<wsse:UsernameToken "
    + "xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\" "
    + "xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd\" "
    + "wsu:Id=\"SecurityToken-ac2ff48d-68b1-4c68-9a52-760b5f5ea8d7\">";
g_h2 = "<wsse:Username>sally</wsse:Username>";
g_h3 = "<wsse:Password "
    + "Type=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText\">seashells</wsse:Password>";
g_h6 = "</wsse:UsernameToken>";
g_secHeaders = g_h1 + g_h2 + g_h3 + g_h6;
Message_WSE_Cap_Request(WSE.SecurityHeaders) = g_secHeaders;

But it doesn't work; if I configure the send port to sign with a
UsernameToken, I get the data from that token instead of from the above code;
if I configure the port not to sign (but still have a policy that requires
it), then the above code still doesn't work, and I get an exception saying
the policy couldn't be enforced due to lack of a token. How do I add my
own token?

2) this question relates to the first: I want to add a custom element in my
UsernameToken object (an additional credential field, such as "userContext".)
I've done this easily in a c# wse client application, using the following
code:

XmlDocument xDoc = new XmlDocument();
XmlElement xCoEl = xDoc.CreateElement("userContext");
xCoEl.InnerText = sUserContext;
userToken.AnyElements.Add(xCoEl);

How can I do this from Biztalk? This data will come from another XML file
(msg) available in the orch.

Thanks!

WenJun Zhang[msft]

2005-10-24, 10:32 am

Hi,

Though both of these cannot be done directly within the orchestration, you can
write your .NET assembly to generate the UsernameToken (sample code can be
found in the link below) and add the custom element. Then call the methods in
your orchestration to achieve it.

Securing Web Services with WSE 2.0
http://msdn.microsoft.com/msdnmag/i...ServiceStation/

Refer to the MethodCall sample about how to utilize custom .net object in
orchestration.

MethodCall (BizTalk Server Sample)
http://msdn.microsoft.com/library/d...-us/sdk/htm/ebiz_sdk_samples_totq.asp

Best regards,

WenJun Zhang
Microsoft Online Partner Support

This posting is provided "AS IS" with no warranties, and confers no rights.
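
An added example, not part of either post: one way to write the helper assembly suggested in the reply, building the token with System.Xml instead of string concatenation so that a userContext value taken from another message is escaped rather than spliced into the markup. The class and method names are hypothetical, and the thread does not establish whether the adapter accepts a token supplied this way.

```csharp
using System;
using System.Xml;

// Hypothetical helper class (assumed name); call its static method from an
// orchestration expression, e.g.
//   Message_WSE_Cap_Request(WSE.SecurityHeaders) =
//       UsernameTokenBuilder.Build(user, pass, ctx);
public sealed class UsernameTokenBuilder
{
    const string Wsse = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    const string Wsu = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
    const string PasswordText = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";

    private UsernameTokenBuilder() { }

    // Returns the serialized <wsse:UsernameToken>; userContext may be null.
    public static string Build(string username, string password, string userContext)
    {
        if (username == null || username.Length == 0)
            throw new ArgumentException("username is required", "username");
        if (password == null)
            throw new ArgumentNullException("password");

        XmlDocument doc = new XmlDocument();
        XmlElement token = doc.CreateElement("wsse", "UsernameToken", Wsse);
        doc.AppendChild(token);

        // Fresh wsu:Id per token instead of a hard-coded GUID.
        XmlAttribute id = doc.CreateAttribute("wsu", "Id", Wsu);
        id.Value = "SecurityToken-" + Guid.NewGuid().ToString();
        token.Attributes.Append(id);

        AppendText(doc, token, "wsse", "Username", Wsse, username);
        XmlElement pw = AppendText(doc, token, "wsse", "Password", Wsse, password);
        pw.SetAttribute("Type", PasswordText);

        // Custom credential field from the question, unqualified as in the C# client code.
        if (userContext != null)
            AppendText(doc, token, "", "userContext", "", userContext);

        return token.OuterXml;
    }

    static XmlElement AppendText(XmlDocument doc, XmlElement parent,
                                 string prefix, string name, string ns, string value)
    {
        XmlElement el = doc.CreateElement(prefix, name, ns);
        el.InnerText = value; // DOM escapes <, > and & so the value cannot add elements
        parent.AppendChild(el);
        return el;
    }
}
```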
