Windows authentication with WCF-NetTcp adapter

I have a WCF-NetTcp receive location and I like to set it up with Windows Authentication. (transport security)
IIS or WAS is not used so the receive port is self-hosted.
I would like to configure a certain user or group that has permission to send messages to this receive location. All other users/groups must be denied acces. How do I achieve this? I know how to configure windows authentication in the binding but I cannot
find a way to configure a specific user or group.
I am using BizTalk Server 2010.

Hi,
You should implement a custom behavior extension to achieve this.
See
here for an example.
Regards,
René
Thanks, I was already looking in this direction but was hoping this could have been done easier.

Similar Messages

  • Windows authentication with oracle9i

    Hi,i am working on windows authentication with oracle9i.my client server is connecting and client can access the database.now can you please guide me the steps for windows authentication in brief.i will appreciate that.

    can u plz help me how to ser OS_roles value to true.

  • Problem with WCF-Custom adapter (WS HTTP Binding with reliable messaaging) - Error event logged, even though transaction completed Sucessfully

    Hi All
    I am using WCF-Custom (WS HTTP Binding) with Message security as Windows and using Reliable messaging in the send port. Its a static Port. 
    Every thing works fine as expected for the interface. ie the transaction is success. After a min of the transaction completion. I am getting the following error
    01. I have not checked Propagate Fault message (as a solution provided in another blog)
    02. Its a static Port
    03. I am using reliable messaging
    The below error events are logged in the event viewer
    The Message Engine Encountered an error while suspending one or more Messages ( ID 5677)
    Event  ID : 5796
    The transport proxy method MoveToNextTransport() failed for adapter WCF-Custom: Reason: “Messaging engine has no record of delivering the message to the adapter. This could happen if MoveToNextTransport() is called multiple times for the same message by
    the adapter or if it is called for a message which was never delivered to the adapter by the messaging engine”. Contact the adapter vendor
    Should I have log this issue with Microsoft through Service request ? or is there any work around is there. Unfortunate is I cannot remove the reliable messaging from the service.
    Arun

    Hi,
    Is there any solution to this problem?
    I am getting the same issue "The transport proxy method MoveToNextTransport() failed for adapter WCF-NetTcp: Reason: "Messaging engine has no record of delivering the message to the adapter.
    This could happen if MoveToNextTransport() is called multiple times for the same message by the adapter or if it is called for a message which was never delivered to the adapter by the messaging engine". Contact the adapter vendor"
    I checked this link http://rajwebjunky.blogspot.be/2011/09/biztalk-dynamic-request-response-port.html, but
    in my case i am not using dynamic port.
    In my scenario, i have a number of dehydrated orchestrations that become active every Monday 6:00 AM UTC and make to calls to a WCF service, to spread out the load I have implemented a load distribution logic where orchestrations send request to service
    in every 1 minute (not at the same time). but still i get this error sometime.
    I have opened a ticket with MS support but thought that someone might have already found the root cause.
    Let me know if there is one.
    Thanks,
    Rahul
    Best Regards, Rahul Dubey MCTS BizTalk Server

  • Certificate based authentication with sender SOAP adapter. Please help!

    Hi Experts,
       I have a scenario where first a .Net application makes a webservice call to XI via SOAP Adapter. Then the input from the .Net application is sent to the R/3 system via RFC adapter.
    .Net --->SOAP -
    >XI -
    >RFC -
    R/3 System
    Now as per client requirement I have to implement certificate based authentication in the sender side for the webservice call. In this case the .Net application is the "client" and XI is the "server". In other words the client has to be authenticated by XI server. In order to accomplish this I have setup the security level in the SOAP sender channel as "HTTPS  with client authentication". Additionally I have assigned a .Net userid in the sender agreement under "Assigned users" tab.
    I have also installed the SSL certificate in the client side. Then generated the public key and loaded it into the XI server's keystore.
    When I test the webservice via SOAPUI tool I am always getting the "401 Unauthorized" error. However if I give the userid/password for XI login in the properties option in the SOAPUI tool then it works fine. But my understanding is that in certificate based authentication, the authentication should happen based on the certificate and hence there is no need for the user to enter userid/password. Is my understanding correct? How to exactly test  certificate based authentication?
    Am I missing any steps for certificate based authentication?
    Please help
    Thanks
    Gopal
    Edited by: gopalkrishna baliga on Feb 5, 2008 10:51 AM

    Hi!
    Although soapUI is a very goot SOAP testing tool, you can't test certificate based authentication with it. There is no way (since I know) how to import certificat into soapUI.
    So, try to find other tool, which can use certificates or tey it directly with the sender system.
    Peter

  • SQL Windows Authentication with Login of AD Group 'Domain Admins'

    Having a bit of a difficulty with Microsoft SQL Server 2012 windows authentication integration...
    The server is setup to have Windows authentication used as its means of login authentication. No issues with this other than a strange error that occurs on multiple SQL servers in our domain: 
    When a login is created for domain group "[domain]\Domain Admins", users within this AD group cannot connect to the SQL server through the Management Studio. The error that SQL server gives is Error 18456, Sate 11, i.e. "Valid login but server
    access failure"
    However when a different AD group is added as a login (like [domain]\[group]), users from this group can successfully log into SQL server. It seems that adding any other group, even groups from a different domain, grants successful authentication as I would
    expect EXCEPT the AD group 'Domain Admins".
    Is there some restriction/security feature at play here on this AD group that makes using the 'Domain Admins' group as a login not possible? 
    Andrew

    Yes, this group was removed and readded just yesterday to try to fix the issue.
    Here is the output of the command:
    class
    class_desc
    major_id
    minor_id
    grantee_principal_id
    grantor_principal_id
    type
    permission_name
    state
    state_desc
    105
    ENDPOINT
    2
    0
    2
    1
    CO  
    CONNECT
    G
    GRANT
    105
    ENDPOINT
    3
    0
    2
    1
    CO  
    CONNECT
    G
    GRANT
    105
    ENDPOINT
    4
    0
    2
    1
    CO  
    CONNECT
    G
    GRANT
    105
    ENDPOINT
    5
    0
    2
    1
    CO  
    CONNECT
    G
    GRANT

  • Integrated Windows Authentication with a WebSphere Cliente

    Hi all,
    I need to write a web service client that connects to a .NET Web Service that is configured to use Integrated Windows Authentication (NTLM).
    I'm using the IBM WebSphere Runtime environment for the client and using the web service client wizard in the RSD 6.0.1.
    When I try to call a method in the .NET web service, I get the error shown below. If I configure the .NET web service to permit Anonymous Access, my client works fine.
    Does anybody know if the WebSphere web services engine supports Integrated Windows Authentication? If so, how can I configure my cliente to pass my credentials? Do people use this type of authentication if the web service will be called by non Windows clientes or is it better to use Basic Authentication with HTTPS or digital certificates?
    I've read that Apache Axis can be configured to use integrated windows authentication (http://people.etango.com/~markm/archives/2005/11/21/using_apache_axis_with_integrated_windows_security.html) by using a different HTTP transport class (CommonsHTTPSender).
    Thanks in advance!
    Craig
    [14/06/06 10:06:56:805 GMT-03:00] 00000031 enterprise I WSWS3243I: Info: Mapping Exception to WebServicesFault.
    [14/06/06 10:06:56:821 GMT-03:00] 00000031 enterprise I TRAS0014I: The following exception was logged WebServicesFault
    faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.generalException
    faultString: java.lang.StringIndexOutOfBoundsException
    faultActor: null
    faultDetail:
    java.lang.StringIndexOutOfBoundsException
         at com.ibm.ws.webservices.engine.WebServicesFault.makeFault(WebServicesFault.java:179)
         at com.ibm.ws.webservices.engine.transport.http.HTTPSender.invoke(HTTPSender.java:490)
         at com.ibm.ws.webservices.engine.PivotHandlerWrapper.invoke(PivotHandlerWrapper.java:218)
         at com.ibm.ws.webservices.engine.PivotHandlerWrapper.invoke(PivotHandlerWrapper.java:218)
         at com.ibm.ws.webservices.engine.WebServicesEngine.invoke(WebServicesEngine.java:274)
         at com.ibm.ws.webservices.engine.client.Connection.invokeEngine

    Here's a project ( [http://spnego.sourceforge.net/protected_soap_service.html|http://spnego.sourceforge.net/protected_soap_service.html] ) that shows how to write a soap client that can connect to a soap web service with integrated windows authentication turned on.

  • Issue with WCF-Custom adapter polling Oracle db

    Hi,
    I have a scenario where BizTalk connects to Oracle db using WCF-custom adapter with OracleDbBding which has queries at P below properties:
    PolledDataAvailableStatement
    PollingStatement
    PostPollStatement
    The interface was working for more than 2 years, but when oracle server is moved from prod to DR server, it started throwing crazy errors.I have gone thru many blogs there seems to no definitive answer or solution for this.
    I have been getting below errors:
    The adapter "WCF-Custom" raised an error message. Details "The faulted WCF service host at address oracledb:// could not be restarted, and as a result no messages can be
    received on the corresponding receive location. BizTalk Server will continue trying to start the service host until it succeeds or the receive location is disabled.
    The adapter "WCF-Custom" raised an error message. Details "The faulted WCF service host at address oracledb://xxxxx/?PollingId= could not be restarted, and as a result
    no messages can be received on the corresponding receive location. BizTalk Server will continue trying to start the service host until it succeeds or the receive location is
    disabled.
    To fix the problem, you may choose to:
    1. Use the error information given to fix the problem.
    2. Restart the receive location.
    3. Keep waiting for BizTalk to recycle the service host. Another event will notify if the service host is successfully started.
    Detailed error information: Microsoft.ServiceModel.Channels.Common.ConnectionException: Connection request timed out ---> Oracle.DataAccess.Client.OracleException Connection
    request timed out    at Oracle.DataAccess.Client.OracleException.HandleErrorHelper(Int32 errCode, OracleConnection conn, IntPtr opsErrCtx, OpoSqlValCtx* pOpoSqlValCtx, Object
    src, String procedure)
       at Oracle.DataAccess.Client.OracleException.HandleError(Int32 errCode, OracleConnection conn, IntPtr opsErrCtx, Object src)
       at Oracle.DataAccess.Client.OracleConnection.Open()
       at Microsoft.Adapters.OracleCommon.OracleCommonConnectionWrapper..ctor(String connectionString, OracleCommonExecutionHelper executionHelper)
       at Microsoft.Adapters.OracleDB.OracleDBConnection.Microsoft.ServiceModel.Channels.Common.IConnection.Open(TimeSpan timeout)
       --- End of inner exception stack trace ---
       at Microsoft.Adapters.OracleDB.OracleDBConnection.Microsoft.ServiceModel.Channels.Common.IConnection.Open(TimeSpan timeout)
       at Microsoft.ServiceModel.Channels.Common.Design.ConnectionPool.GetConnection(Guid clientId, TimeSpan timeout)
       at Microsoft.ServiceModel.Channels.Common.Design.ConnectionPool.GetConnectionHandler[TConnectionHandler](Guid clientId, TimeSpan timeout, MetadataLookup metadataLookup,
    String& connectionId)
       at Microsoft.ServiceModel.Channels.Common.Channels.AdapterChannelListener`1.OnOpen(TimeSpan timeout)
       at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
       at System.ServiceModel.Dispatcher.ChannelDispatcher.OnOpen(TimeSpan timeout)
       at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
       at System.ServiceModel.ServiceHostBase.OnOpen(TimeSpan timeout)
       at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
       at System.ServiceModel.Channels.CommunicationObject.Open()
       at Microsoft.BizTalk.Adapter.Wcf.Runtime.WcfReceiveEndpoint.Enable()
       at Microsoft.BizTalk.Adapter.Wcf.Runtime.WcfReceiveEndpoint.RecycleServiceHost(Object unused)".-------------------------
    The adapter "WCF-Custom" raised an error message. Details "System.ServiceModel.CommunicationObjectFaultedException: The communication object,
    Microsoft.ServiceModel.Channels.Common.Channels.AdapterInputChannel, cannot be used for communication because it is in the Faulted state.
       at System.ServiceModel.Channels.CommunicationObject.Close(TimeSpan timeout)
       at System.ServiceModel.Channels.CommunicationObject.Close()
       at System.ServiceModel.Dispatcher.ErrorHandlingReceiver.Close()".

    "Oracle.DataAccess.Client.OracleException Connection  request timed out    at Oracle.DataAccess.Client.OracleException.HandleErrorHelper(Int32 errCode, OracleConnection conn, IntPtr opsErrCtx, OpoSqlValCtx* pOpoSqlValCtx, Object 
    src, String procedure)"
    Looks like it's the Oracle client that can't connect. Can you run any queries from the Oracle tools?

  • Windows authentication with Kerberos

    Hi All,
    We have configured Kerberos for Windows Authentication for EP 7.0.
    The authentication works fine when we use the server name alone, but it fails when we use the FQDN.
    Any clues would be really helpful.
    Regards,
    Noufal

    Hi Noufal,
    When you register the Service Principal Name on the LDAP, Please make sure that you register it with your FQDN.
    Please refer the Excellent Blog series by Holger Sir here..
    http://www.sdn.sap.com/irj/scn/weblogs?blog=/pub/wlg/8235. [original link is broken]
    These blog series cover almost all the errors caused during SPNEGO configuration.
    Regards
    Hussain.

  • Windows Authentication with jCIFS

    Hello,
    I am new to jCIFS and willing to know as to how I can use windows authentication using jCIFS or any other tool/framework.
    I ran through the link - [http://jcifs.samba.org/src/docs/ntlmhttpauth.html] and developed a small web application (deployed on tomcat 5.x) which would fetch user details for me from my organization's active directory. It works fine on my machine; however when I try running the application from any other machine, it prompts me for the credentials. I want this application to authenticate the user (without user having to key in the credentials) that is logged on to the machine and fetch his/her user details. Can anyone please advise?
    Thanking you in anticipation.
    Here's my web.xml
    <!--l version="1.0" encoding="UTF-8-->
    <?xml version="1.0" encoding="UTF-8"?>
    <web-app id="WebApp_ID" version="2.4"
    xmlns="http://java.sun.com/xml/ns/j2ee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
    <display-name>AD Authentication</display-name>
    <filter>
      <filter-name>NtlmHttpFilter</filter-name>
      <filter-class>jcifs.http.NtlmHttpFilter</filter-class>
      <init-param>
       <param-name>jcifs.http.domainController</param-name>
       <param-value>xx.xx.xx.xx</param-value>
       </init-param>
      <init-param>
       <param-name>jcifs.smb.client.domain</param-name>
       <param-value>MYDOMAIN</param-value>
      </init-param>
    </filter>
    <filter-mapping>
      <filter-name>NtlmHttpFilter</filter-name>
      <url-pattern>/*</url-pattern>
    </filter-mapping>
    <welcome-file-list>
      <welcome-file>index.jsp</welcome-file>
    </welcome-file-list>
    </web-app>
    {code}

    Here's a useful link - [http://roneiv.wordpress.com/2007/12/11/hello-world/]. This worked for me.
    Can any one let me know as to how can I retrieve user's e-mail (associated with his account) once he's authenticated? For example, if user xyz has logged in to domain mydomain then I need to fetch [[email protected]|mailto:[email protected]]
    Thanks!

  • Can I use Windows authentication with Firefox?

    My company has a website that I need to login to on a daily basis. With IE I can set up Windows Authentication to have a "single sign-on" for this website and it automatically logs me in when I open the site. I do not see any options for authentication under the Tools menu. Using Firefox's password memory does not give the same functionality.

    You can do it by adding the server host name to a list of trusted host names. Obviously you need to be very careful about not adding untrustworthy servers to the list. See this article for how: [http://support.mozilla.com/en-US/kb/Firefox%20asks%20for%20user%20name%20and%20password%20on%20internal%20sites Firefox asks for user name and password on internal sites | Troubleshooting | Firefox Help].

  • Windows Authentication in Sender Jdbc Adapter

    Hi,
    We have a sender jdbc scenario where there is no user id/passowrd maintained for the database. ONly the windows user id/password is used.
    Is it possible to connect to such a database through JDBC adapter. If so, please tell how to do that?

    Hi Aarthi,
    As per my knowledge there is not posssible to do that.
    Assumption :
    Database : MSSQL Database
    Authentication : Window only
    Solution :
    You need to change authentication type become mixed.
    There is some workaround for .NET webservices using windows domain authentication but not for JDBC.
    Regards
    Fernand

  • Integrated windows authentication with Oracle access manager 10g

    Hi SSo guys,
    Our project requirement is as follows:
    We have two applications Ebiz 11.5.10.2 and OBIEE10g and we are supposed to integrate IWA for both the applications
    so as per the below note OAM integration with IWA only works for the applications using IIS.
    So can we protect both the applications in OAM 10g and point those applications to two html pages say http://IIS hostname/ebiz and http://IIS hostname/OBIEE and protect those two resorces in OAM suing IIS webserver?
    As per the note :
    Doc ID 1072204.1 specify
    Excerpt from this doc:
    #-begin-
    OAM accomplishes IWA by using an OAM Webgate on the IIS Web Server that uses a hidden feature of external authentication to get the REMOTE_USER header variable value and map it to a DN for the ObSSOCookie generation and authorization. Behind the scenes, the IIS WebGate utilizes the UseIISBuiltinAuthentication parameter, by default, this value is false. IWA can only be achieved when this attribute is set to true on an IIS WebGate. This is not a valid parameter for any other OAM WebGate.
    #-end-

    It should be this way:
    Ebiz:
    1. Integrate OAM with OASSO
    2. Register OASSO and OID with Ebiz11.5.10.2
    3. Protect the resource in OAM
    4. Verify if authentication is successful for this resource.
    Obiee:
    1. Integrate OBIEE with OAM
    2. Verify if authentication is successful for this resource.
    IWA:
    1. Install IIS webser and webgate
    2. Create authentication scheme which protects / of IIS web server.
    Create a Form Authentication Scheme(this scheme should protect OBIEE and EBiz resource) which will have challenge redirect to IIS web server where IWA is configured and / is protected.
    Login Flow:
    1. User tries to access ebiz or obiee resource.
    2. Form Authentication Scheme will challenge redirect to IIS web server where IWA is configured.
    3. As IWA is configured. User will be automatically get ObSSOCookie.
    4. User gets redirected back to the requested resource.
    There is a My oracle support doc which talks in details about this setup.

  • Integrating windows authentication with Sun ACCESS MANAGER

    Hi,
    I have implemented sun access manager and successfully protected an application (ABC). At present iam using the SDS as the authentication and authorization directory. I login in to the machine using the network username and password which is on AD.
    I want to integrate my authentication/authorization mechanism from SDS to AD. so that when i login into the machine and open application ABC it should not ask me for the credentials; instead allow me to the homepage directly.
    How to do this.
    Thanks in advance
    Maruthi

    Hi!
    Maybe this helps you, it describes how to setup AM and policy agent to handle basic authentication protected sites. While the article is about sharepoint it should work for any application.
    http://developers.sun.com/identity/reference/techart/sharepoint.html
    Christoph

  • Difference between WCF-NetTCP and TCP/IP adapter

    What is the difference between WCF-NetTCP and TCP/IP adapter ?
    Are both work in the same way or there is any similarity in their working ?
    Prakash

    Hi Ashwin,
    Yes,I am  referring to Codeplex based community adapterhttp://tcpipbz2010.codeplex.com/ for TCP/IP
    adapter.
    As from your reply ,both adapters can perform the same task .Right ?
    Actually I am using socket programming to connect TCP/IP adapter.
    Can I do this with WCF-NetTCP adapter ?
    Prakash

  • Biztalk 2013 WCF-WebHTTP Adapter - Outbound HTTP Headers

    Hi
    I have a requirement to connect to a service using the WCF-WebHTTP adapter that requires authentication to be passed in the Headers.
    A usercode and password is sent in the intial header and a security token is returned in the response header.
    This security token is then used in the header of each subsequent call to the service.
    I could not find anything in the documentation about getting and setting the "HTTP Header" data using maps or variables or using variables in the "Outbound HTTP Headers" on the adapter transport properties.
    Any help on this would be gratefully received.
    Malcolm

    You can set the outbound HTTP header in WCF-WebHTTP adapter by 2 ways
    1) At adapter level Change adapter properties
    2)Changing Message context property at Orchestration or at pipeline
    Its been well documented here
    http://blog.codit.eu/post/2013/04/30/Using-HttpHeaders-with-WCF-WebHttp-Adapter-on-Biztalk-2013.aspx
    Thanks
    Abhishek

Maybe you are looking for

  • Assessment Cycle - Posting affected in GL Account

    Hi, The users have created the assessment cycle, specifying the Sender and Receiver Cost Centers and the fixed percentages. After executing the assessment cycle, it is noted that one of the GL Accounts is getting impacted with the running of the asse

  • Why don't i hane a "print" button on my firefox toolbar?

    When i want to print a web page I do not have access to a print button

  • Cpu Drop-in dvdMac OS X Leopard CPU Drop-in DVD.

    Just set up my brand new imac. I thought it would come with Leopard, but not so. It has Tiger. It did come with a disk called - Mac OS X Leopard CPU Drop-in DVD. But when I put in the DVD it pops back out. I tried starting on the DVD, but it pops out

  • Deleting an e-mail account?

    When I set up my wife's e-mail on her new computer (we were sharing an ibook previously), I accidently set up her .mac account as a POP account. I realized the mistake and then set her account up as a .mac account. Now, she has two accounts in her in

  • URGENT : Error PLS-00404 on wrapping

    Hi, I am trying to wrap a PL/SQL procedure included a UPDATE stmt. with a cursor for update nowait: create or replace PROCEDURE XXXXX IS   x varchar2(200);   cursor c is select * from XAD$_MODULE for update nowait; BEGIN   update XAD$_MODULE set modu