Monday, 31 October 2011

BizTalk Published Service Certificate Authentication Consume by Java Client Part1

BizTalk Published Service Certificate Authentication Consume by Java Client - Part1

I had a situation where my BizTalk published wcf service is consume by non .net Framework applications like java.I have been trying to accomplish this task for last one month but could not get right answer. After regressive search I found a useful class library which can support .net applications and java with supporting NetBeans 7.0 or higher class library.

As I mentioned in the title, I will explain you how to secure your BizTalk published (schema/Orchestration) WCF Service.Here I am not keen to describe the steps to publish Schema / Orchestration as WCF Service. If you are looking for “How to publish” refer this link

First step is to download the “WCF Express Interop Bindings“ file and install on your development box.

Amend machine.config file with metroBinding.

If you are running with .net Framework 4.0 then you need to update in two machine configuration files

1. C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\machine.config
2. C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config

If you are running with .net Framework 4.0 under 64bit windows then you need to update in another two machine configuration files

1. C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG\ machine.config
2. C:\Windows\Microsoft.NET\Framework64\v4.0.30319\CONFIG\ machine.config

Add Binding Extensions
Name ="metroBinding" type="Microsoft.ServiceModel.Interop.Metro.Configuration.MetroBindingCollectionElement, Microsoft.ServiceModel.Interop, Version=, Culture=neutral, PublicKeyToken=4fc38efee625237e"

Add Client endpoint

your machine.config should look like below

Note: Make sure you back up of each machine.config file before you update.

So far we have done the install and configure the metro binding. Now we do the actual BizTalk configuration and testing part.

Generate Server and Client certificate to authenticate the service for “Mutual authentication” process

Generate Server Certificate
makecert -r -pe -n "CN=BTSTestServerCertificate" -sky exchange BTSServerCert.cer -sv BTSServerCert.pvk
pvk2pfx.exe -pvk BTSServerCert.pvk -spc BTSServerCert.cer -pfx BTSServerCert.pfx

Generate Client Certificate
makecert -r -pe -n "CN=BTSTestClientCertificate" -sky exchange BTSClientCert.cer -sv BTSClientCert.pvk
pvk2pfx.exe -pvk BTSClientCert.pvk -spc BTSClientCert.cer -pfx BTSClientCert.pfx

Install Server and Client certificates (.cer) at Trusted Root Certification Authorities

Install Server and client Personal Information Exchange (.pfx) files at Personal Tab

If java client is consuming the BizTalk published service then you need to send Server and Client .pfx files to Java guys to generate .jks (Java Key store file) file

Create Two-Way receiveLocation for the published service ( if you have mentioned application name during le publishing Wizard open the receive location)
use WCF-Custom / WCF-CustomIsolated adapter and then use metrobinding to configure the Certificate authentication.

Selecting adapter and General Configuration

MetroBinding – General configuration

MetroBinding – Security configuration

Behavior Configuration

You are ready with certificate authentication for BizTalk published WCF service. You can use this service to consume .net and non .net application like Java.

I will update you on my next article for how to test using “.net client

Continue -- Part-2

Drop a comment if this article helped you to solve your problemalso you can email me for complete solution zip file to download
you can reach me @