MIME/SMIME component Biztalk - SOAP ADapter
Jose
i have a problem when i try to use component MIME/SMIME encoder in a
pipeline which i use in send port SOAP.
it return error: Failed to serialize the message part "xml" into the type
"String" using namespace "". Please ensure that the message part stream is
created properly.
i am using the type data of Web Service which i want to send teh message, it
is a xml/text
Anybody can i help me, please?
Thanks
Tomas Restrepo [MVP]
You wouldn't really use SMIME encription with webservices; SMIME is
whole message encription/signature, which is just not compatible with
how webservices in the usual SOAP adapter stuff works.
What exactly are you trying to achieve? Are you trying to connect to a
service using WS-Security or something like that?
--
Tomas Restrepo
http://winterdom.com/
Jose
same type that the receive port of web service. In my send port i use a
assembler XML and MIME/SMIME encoder type sevenbit.
How can i use this component for signature my message?? Is possible??
Jose
i try to send message SOAP to Web Service which is waiting my signature.
i try to transmit a message of same type that web port of web service
In xml part of message is my string XML.
Is possible to do that??
Tomas Restrepo [MVP]
> i' m trying use certificate in send port for signature a message which is the
> same type that the receive port of web service. In my send port i use a
> assembler XML and MIME/SMIME encoder type sevenbit.
>
> How can i use this component for signature my message?? Is possible??
No, you can't. Again, SMIME is not used with webservices. If you've got
a web service that's asking for x509 signatures, it's most likely
requiring WS-Security, which is a completely different format, and which
the SOAP adapter doesn't support.
What BizTalk version are you running? If you're using BTS 2006 R2, then
the right option is very likely using the WCF adapters (the WSHttp
adapter, in particular).
Jose
Ok, So it is not posible use SOAP adapter With a web Service Ws-Security,
have i use WCF?
However is it possible to use adapter HTTP with SSL and thumbprint client
certificate for send my message to web service with certifcate??
Thanks in advanced
Jose
trying to learn about it, but i will appreciate any help in this way.
Thanks in advance
Tomas Restrepo [MVP]
Jose,
> Ok, i think it should solve my problem, but it's a very complex adapter. I'm
> trying to learn about it, but i will appreciate any help in this way.
Happy to help if you've got specific questions. Yes, WS-Security can be
fairly complex, but how to configure it will depend in big part in what
the service you're calling requires. Do you have any information about
this from the service developer/provider?
Jose
i have a problem with adapter WCF-WShttp, i try to invoke this service:
<?xml version="1.0" encoding="UTF-8"?>
<wsdl:definitions xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
xmlns:mime="http://schemas.xmlsoap.org/wsdl/mime/"
xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/"
xmlns:http="http://schemas.xmlsoap.org/wsdl/http/"
xmlns:ns1="http://org.apache.axis2/xsd"
xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl"
xmlns:ns="http://ws.sns" xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
targetNamespace="http://xxxx">
<wsdl:documentation>WSRecepcion</wsdl:documentation>
<wsdl:types>
<xs:schema attributeFormDefault="qualified"
elementFormDefault="qualified" targetNamespace="http://xxxx">
<xs:complexType name="Exception">
<xs:sequence>
<xs:element minOccurs="0" name="Exception"
nillable="true" type="xs:anyType"/>
</xs:sequence>
</xs:complexType>
<xs:element name="Exception">
<xs:complexType>
<xs:sequence>
<xs:element minOccurs="0" name="Exception"
nillable="true" type="ns:Exception"/>
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="recepcion">
<xs:complexType>
<xs:sequence>
<xs:element minOccurs="0" name="xml" nillable="true"
type="xs:string"/>
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="recepcionResponse">
<xs:complexType>
<xs:sequence>
<xs:element minOccurs="0" name="return"
nillable="true" type="xs:string"/>
</xs:sequence>
</xs:complexType>
</xs:element>
</xs:schema>
</wsdl:types>
<wsdl:message name="recepcionRequest">
<wsdl:part name="parameters" element="ns:recepcion"/>
</wsdl:message>
<wsdl:message name="recepcionResponse">
<wsdl:part name="parameters" element="ns:recepcionResponse"/>
</wsdl:message>
<wsdl:message name="Exception">
<wsdl:part name="parameters" element="ns:Exception"/>
</wsdl:message>
<wsdl:portType name="WSRecepcionPortType">
<wsdl:operation name="recepcion">
<wsdl:input message="ns:recepcionRequest"
wsaw:Action="urn:recepcion"/>
<wsdl:output message="ns:recepcionResponse"
wsaw:Action="urn:recepcionResponse"/>
<wsdl:fault message="ns:Exception" name="Exception"
wsaw:Action="urn:recepcionException"/>
</wsdl:operation>
</wsdl:portType>
<wsdl:binding name="WSRecepcionSoap11Binding"
type="ns:WSRecepcionPortType">
<soap:binding transport="http://schemas.xmlsoap.org/soap/http"
style="document"/>
<wsdl:operation name="recepcion">
<soap:operation soapAction="urn:recepcion" style="document"/>
<wsdl:input>
<soap:body use="literal"/>
</wsdl:input>
<wsdl:output>
<soap:body use="literal"/>
</wsdl:output>
<wsdl:fault name="Exception">
<soap:fault use="literal" name="Exception"/>
</wsdl:fault>
</wsdl:operation>
</wsdl:binding>
<wsdl:binding name="WSRecepcionSoap12Binding"
type="ns:WSRecepcionPortType">
<soap12:binding transport="http://schemas.xmlsoap.org/soap/http"
style="document"/>
<wsdl:operation name="recepcion">
<soap12:operation soapAction="urn:recepcion" style="document"/>
<wsdl:input>
<soap12:body use="literal"/>
</wsdl:input>
<wsdl:output>
<soap12:body use="literal"/>
</wsdl:output>
<wsdl:fault name="Exception">
<soap12:fault use="literal" name="Exception"/>
</wsdl:fault>
</wsdl:operation>
</wsdl:binding>
<wsdl:binding name="WSRecepcionHttpBinding" type="ns:WSRecepcionPortType">
<http:binding verb="POST"/>
<wsdl:operation name="recepcion">
<http:operation location="WSRecepcion/recepcion"/>
<wsdl:input>
<mime:content type="text/xml" part="recepcion"/>
</wsdl:input>
<wsdl:output>
<mime:content type="text/xml" part="recepcion"/>
</wsdl:output>
</wsdl:operation>
</wsdl:binding>
<wsdl:service name="WSRecepcion">
<wsdl:port name="WSRecepcionHttpSoap11Endpoint"
binding="ns:WSRecepcionSoap11Binding">
<soap:address
location="http://0.0.0.0:8080/axis2/services/WSRecepcion.WSRecepcionHttpSoap11Endpoint/"/>
</wsdl:port>
<wsdl:port name="WSRecepcionHttpSoap12Endpoint"
binding="ns:WSRecepcionSoap12Binding">
<soap12:address
location="http://0.0.0.0:8080/axis2/services/WSRecepcion.WSRecepcionHttpSoap12Endpoint/"/>
</wsdl:port>
<wsdl:port name="WSRecepcionHttpEndpoint"
binding="ns:WSRecepcionHttpBinding">
<http:address
location="http://0.0.0.0:8080/axis2/services/WSRecepcion.WSRecepcionHttpEndpoint/"/>
</wsdl:port>
</wsdl:service>
</wsdl:definitions>
i have a prchectation with a send message and receive box which send the
message to web port which is the same that this wsdl.
i have a send pipeline with assembler XML and MIME/SMIME encoded with type
sevenbytes.
i try to use adapter WCF-WShttp for send the message, this service has a
signed which i have cofurated in the correctly in te system, this signed i
use it for signed the messsage.
how can i comfigurate the parametres of this adapter for send the message
correctly??
Is correct the implementation??
Thanks in advance
Tomas Restrepo [MVP]
> i have a problem with adapter WCF-WShttp, i try to invoke this service:
<snip>
The WSDL doesn't include policy, so that doesn't really tell us anything
about the security requirements for it.
> i have a prchectation with a send message and receive box which send the
> message to web port which is the same that this wsdl.
Does this work? I guess not.
>
> i have a send pipeline with assembler XML and MIME/SMIME encoded with type
> sevenbytes.
That for sure won't work at all. Again, do NOT use MIME/SMIME encoder
for this!
> i try to use adapter WCF-WShttp for send the message, this service has a
> signed which i have cofurated in the correctly in te system, this signed i
> use it for signed the messsage.
How did you configure the adapter?
Jose
The adapter WCF-WSHttp has configurated;
General
URI : https://........./WSRecepcion
SOAP Action header : Empty
Binding
Open timeout 00:01:00
Send timeout 00:01:00
Close timeout 00:01:00
Maximum received message size: 65,536
Encoding Message : Text
Text encoding UTF-8
No Enbled transaction
Security mode: TransportWithMessageCredential
Messahe client credential type: Certificate
Algorithm suite: TripleDES
Enable Negotiate service credential
Enable Establish security context
Client Certificate
Thumprint DDE......4343 (The public key of this certificate has been gave to
our client)
No not use proxy
Messages:
Enable Body -- Biztalk request
Enable Envelope . entire<soap:envelope>
Enable Propagate fault message
The pipeline used are DefaulXML transmit and DefaultXML Received
Thanks you very much again, i have a lot of problem with this configuration!
Tomas Restrepo [MVP]
> Hi Thomas,
>
> The adapter WCF-WSHttp has configurated;
This is a good place to start, though noticed that many of those
settings will depend very much on what the service provider uses on
their end. It would be worthwhile to ask them for details about their
security configuration.
The one thing that might give you trouble here, though, is that the
WSHttpBinding in WCF by default will do both signing and encryption of
the messages.
If you only want signing, but not encryption, things might get a bit
more complex, because there isn't anywhere in the configuration where
you can change this. Normally, in WCF you'd change the service contract
definition to specify signatures only through the ProtectionLevel
property of the [ServiceContract] attribute but that's not really an
option for you in BizTalk.
What I think you'd probably have to do is create a custom
IEndpointBehavior that changes the ProtectionLevel property on the
contract description when the ApplyClientBehavior() call is made on your
custom behavior.
Jose
i have a new behaviour for using WCF-Custom adapter, our client only need
the message signed. We have create a new class:
using System;
using System.Collections.Generic;
using System.Text;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Dispatcher;
using System.ServiceModel.Description;
using System.ServiceModel.Configuration;
using System.ServiceModel.Security;
using System.Net.Security;
using System.Configuration;
namespace In.BizTalk.Componentes
{
public class CustomProtectionLevelBehavior :
System.ServiceModel.Description.IEndpointBehavior
{
public CustomProtectionLevelBehavior(ProtectionLevel protectionLevel)
{
this.Level = protectionLevel;
}
private ProtectionLevel _Level;
/// <summary>
/// Gets or Set the level of message protection.
/// </summary>
/// <value>
/// One of <see cref="ProtectionLevel"/> enumeration values (None,
Sign or SignAndEncrypt).
/// </value>
public ProtectionLevel Level
{
get { return _Level; }
set { _Level = value; }
}
#region IEndpointBehavior Members
public void AddBindingParameters(ServiceEndpoint endpoint,
System.ServiceModel.Channels.BindingParameterCollection bindingParameters)
{
endpoint.Contract.ProtectionLevel = Level;
bindingParameters.Remove<ChannelProtectionRequirements>();
ChannelProtectionRequirements requirements = new
ChannelProtectionRequirements();
bindingParameters.Add(requirements);
MessagePartSpecification unprotectedBody = new
MessagePartSpecification();
MessagePartSpecification protectedBody = new
MessagePartSpecification(true);
switch (endpoint.Contract.ProtectionLevel)
{
case ProtectionLevel.None:
requirements.OutgoingSignatureParts.AddParts(unprotectedBody, "*");
requirements.IncomingSignatureParts.AddParts(unprotectedBody, "*");
requirements.OutgoingEncryptionParts.AddParts(unprotectedBody, "*");
requirements.IncomingEncryptionParts.AddParts(unprotectedBody, "*");
break;
case ProtectionLevel.Sign:
requirements.OutgoingSignatureParts.AddParts(protectedBody, "*");
requirements.IncomingSignatureParts.AddParts(protectedBody, "*");
requirements.OutgoingEncryptionParts.AddParts(unprotectedBody, "*");
requirements.IncomingEncryptionParts.AddParts(unprotectedBody, "*");
break;
case ProtectionLevel.EncryptAndSign:
requirements.OutgoingSignatureParts.AddParts(protectedBody, "*");
requirements.IncomingSignatureParts.AddParts(protectedBody, "*");
requirements.OutgoingEncryptionParts.AddParts(protectedBody, "*");
requirements.IncomingEncryptionParts.AddParts(protectedBody, "*");
break;
}
}
public void ApplyClientBehavior(ServiceEndpoint endpoint,
System.ServiceModel.Dispatcher.ClientRuntime clientRuntime)
{
return;
}
public void ApplyDispatchBehavior(ServiceEndpoint endpoint,
System.ServiceModel.Dispatcher.EndpointDispatcher endpointDispatcher)
{
return;
}
public void Validate(ServiceEndpoint endpoint)
{
return;
}
#endregion
}
public class CustomProtectionLevelElement : BehaviorExtensionElement
{
private ProtectionLevel _level;
[ConfigurationProperty("Protection Level", DefaultValue = "",
IsRequired = true)]
public ProtectionLevel Level
{
get { return _level; }
set { _level = value; }
}
public override Type BehaviorType
{
get { return typeof(CustomProtectionLevelBehavior); }
}
protected override object CreateBehavior()
{
return new CustomProtectionLevelBehavior(this.Level);
}
}
}
This class is release in GAC y we have modifing the machine.config of the
path:
C:\WINDOWS\MIcrosoft.NET\Framework 2.0xx\CONFIG\MAchine.config
<system.serviceModel>
<extensions>
<behaviorExtensions>
<add name="persistenceProvider"
type="System.ServiceModel.Configuration.PersistenceProviderElement,
System.WorkflowServices, Version=3.5.0.0, Culture=neutral,
PublicKeyToken=31bf3856ad364e35"/>
<add name="workflowRuntime"
type="System.ServiceModel.Configuration.WorkflowRuntimeElement,
System.WorkflowServices, Version=3.5.0.0, Culture=neutral,
PublicKeyToken=31bf3856ad364e35"/>
<add name="enableWebScript"
type="System.ServiceModel.Configuration.WebScriptEnablingElement,
System.ServiceModel.Web, Version=3.5.0.0, Culture=neutral,
PublicKeyToken=31bf3856ad364e35"/>
<add name="webHttp"
type="System.ServiceModel.Configuration.WebHttpElement,
System.ServiceModel.Web, Version=3.5.0.0, Culture=neutral,
PublicKeyToken=31bf3856ad364e35"/>
<add name="customProtectionLevel"
type="In.BizTalk.Componentes.CustomProtectionLevelElement,
In.BizTalk.Componentes, Version=1.0.0.0, Culture=neutral,
PublicKeyToken=14c373139974269f"/>
</behaviorExtensions>
....
But our behavior do not appear when we add extension in our adapter WCF-
CUstom BizTAlk
Could you help me to know the problem?
Thanks in advance
Tomas Restrepo [MVP]
> But our behavior do not appear when we add extension in our adapter WCF-
> CUstom BizTAlk
>
> Could you help me to know the problem?
Did you restart the admin console after deploying the behavior to the GAC?
Also, make sure you don't have linebreaks or extra spaces in the
type/assembly name in your behaviorExtension registration in
machine.config; WCF hates that.