Invoking WCF services from BizTalk Server using the WSE 3.0 adapter

One of the main purposes of the Web Services Enhancements (WSE) 3.0 project was to provide a high degree of interoperability with Windows Communication Foundation (WCF). Both WSE and WCF services can be designed to comply with the WS-I profiles to guarantee interoperability. The Turnkey Security Assertions in WSE 3.0 can be mapped directly to WCF bindings.

The WSE 3.0 adapter for BizTalk Server 2006 allows invoking WCF services from BizTalk orchestrations as well as exposing BizTalk orchestrations as WSE 3.0 services that can be consumed by WCF clients.

The following example illustrates how to invoke a WCF service from BizTalk Server using the AnonymousOverCertificate Turnkey Security Scenario.

 

The WCF service we created in our demo exposes a “very complex” Echo operation as we show in the following code:

using System;
using System.ServiceModel;

// Request message: the SOAP body carries a single "Message" element.
[MessageContract()]
public class HelloWorldRequest
{
    [MessageBody(Name = "Message")]
    public string Message;
}

// Response message: the SOAP body carries a single "ReturnValue" element.
[MessageContract()]
public class HelloWorldResponse
{
    [MessageBody(Name = "ReturnValue")]
    public string ReturnValue;
}

// Service contract; the Action values must match what the caller sends in wsa:Action.
[ServiceContract()]
interface IHelloWorld
{
    [OperationContract(Action="HelloWorldRequest", ReplyAction="HelloWorldResponse")]
    HelloWorldResponse HelloWorld(HelloWorldRequest message);
}

class HelloWorldService : IHelloWorld
{
    public HelloWorldResponse HelloWorld(HelloWorldRequest request)
    {
        HelloWorldResponse response = new HelloWorldResponse();
        Console.WriteLine("Message received: " + request.Message);
        response.ReturnValue = "Hello: " + request.Message;

        return response;
    }
}

 

The binding for this service specifies a UserNameOverCertificate Turnkey Security Scenario.

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <system.serviceModel>
    <services>
      <service
          behaviorConfiguration="ServiceBehavior"
          name="Service.HelloWorldService">
        <endpoint binding="customBinding" address=""
                  bindingConfiguration="ServiceBinding"
                  contract="Service.IHelloWorld"></endpoint>
      </service>
    </services>
    <bindings>
      <customBinding>
        <binding name="ServiceBinding">
          <security authenticationMode="AnonymousForCertificate" messageProtectionOrder="SignBeforeEncrypt"
                    messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"
                    requireDerivedKeys="false">
          </security>
          <textMessageEncoding messageVersion="Soap11WSAddressingAugust2004"></textMessageEncoding>
          <httpTransport/>
        </binding>
      </customBinding>
    </bindings>
    <behaviors>
      <behavior name="ServiceBehavior" returnUnknownExceptionsAsFaults="true">
        <serviceCredentials>
          <serviceCertificate findValue="CN=tc2003s" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectDistinguishedName"/>
        </serviceCredentials>
      </behavior>
    </behaviors>
  </system.serviceModel>
</configuration>

 

The following figure shows a “complex” BizTalk Server Orchestration that interacts with the WSE service using the WSE 3.0 Adapter.

 

 

Figure 1: BizTalk Orchestration view.

 

The WSPort physical port configured manually in BizTalk Explorer looks like the following:

 

Figure 2: WSE 3.0 Send Port view.

 

As we can see, this port uses the wcfPolicy policy, which is configured in the policy configuration file of the WSE 3.0 adapter.

<policy name="wcfPolicy">
  <anonymousForCertificateSecurity establishSecurityContext="false" renewExpiredSecurityContext="true" requireSignatureConfirmation="false" messageProtectionOrder="SignBeforeEncrypt" requireDerivedKeys="false" ttlInSeconds="300">
    <serviceToken>
      <x509 storeLocation="LocalMachine" storeName="AddressBook" findValue="CN=testcert" findType="FindBySubjectDistinguishedName" />
    </serviceToken>
    <protection>
      <request signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="true" />
      <response signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="true" />
      <fault signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="false" />
    </protection>
  </anonymousForCertificateSecurity>
  <requireActionHeader />
</policy>
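For the two sides to interoperate, the WSE policy and the WCF binding have to agree on the assertion, the protection order and the use of derived keys. The following check is an added example, not part of the original post or of the adapter: it compares trimmed, constructed copies of the two configurations above. The assertion-to-authenticationMode table and the function name are assumptions of this example, and XML namespaces are omitted as in the page's snippets.

```python
import xml.etree.ElementTree as ET

# Constructed, trimmed copies of the two configurations shown on this page.
WCF_CONFIG = """<configuration><system.serviceModel><bindings><customBinding>
  <binding name="ServiceBinding">
    <security authenticationMode="AnonymousForCertificate"
              messageProtectionOrder="SignBeforeEncrypt" requireDerivedKeys="false"/>
  </binding>
</customBinding></bindings></system.serviceModel></configuration>"""
WSE_POLICY = """<policies><policy name="wcfPolicy">
  <anonymousForCertificateSecurity establishSecurityContext="false"
      messageProtectionOrder="SignBeforeEncrypt" requireDerivedKeys="false"/>
  <requireActionHeader/>
</policy></policies>"""

# Assumed name mapping: WSE 3.0 turnkey assertion element -> WCF authenticationMode.
ASSERTION_TO_MODE = {
    "anonymousForCertificateSecurity": "AnonymousForCertificate",
    "usernameForCertificateSecurity": "UserNameForCertificate",
    "usernameOverTransportSecurity": "UserNameOverTransport",
    "kerberosSecurity": "Kerberos",
}
SHARED_ATTRS = ("messageProtectionOrder", "requireDerivedKeys")


def interop_mismatches(wcf_xml, wse_xml, binding_name, policy_name):
    """Return the settings on which the WCF binding and the WSE policy disagree."""
    security = ET.fromstring(wcf_xml).find(
        f".//customBinding/binding[@name='{binding_name}']/security")
    policy = next((p for p in ET.fromstring(wse_xml).iter("policy")
                   if p.get("name") == policy_name), None)
    if security is None or policy is None:
        return ["binding or policy not found"]
    assertion = next((c for c in policy if c.tag in ASSERTION_TO_MODE), None)
    if assertion is None:
        return ["policy contains no known turnkey assertion"]
    problems = []
    mode = security.get("authenticationMode")
    if mode != ASSERTION_TO_MODE[assertion.tag]:
        problems.append(f"authenticationMode={mode} does not match <{assertion.tag}>")
    for attr in SHARED_ATTRS:
        wcf_value, wse_value = security.get(attr), assertion.get(attr)
        if (wcf_value or "").lower() != (wse_value or "").lower():
            problems.append(f"{attr}: WCF={wcf_value} WSE={wse_value}")
    # A WSE security context means WS-SecureConversation, which this binding does not use.
    if (assertion.get("establishSecurityContext") or "").lower() == "true" \
            and mode != "SecureConversation":
        problems.append("establishSecurityContext=true but binding is not SecureConversation")
    return problems
```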

 

When the WSE 3.0 Transmit Adapter interacts with the WCF service, the messages are fully encrypted and signed using the specified certificate. The following figures show the SOAP request and response messages produced using the WSE 3.0 Adapter:

<soap:Envelope xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
               xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
               xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
               xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Header>
    <wsa:Action wsu:Id="Id-cb05a03b-a87b-46eb-a946-75736cd84cd5">HelloWorldRequest</wsa:Action>

    [WS-Security headers would fill this area...]

  </soap:Header>
  <soap:Body wsu:Id="Id-3e390b1f-543f-4749-bb31-0b8cd5baf869">
    <xenc:EncryptedData Id="Enc-a9b4c55b-31ca-4c06-aa4a-a1e6b8078b2d" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
      <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
      <xenc:CipherData>
        <xenc:CipherValue>2dJ1qVHoJLUD9CgbGKSFkk/ArV6ak+NhoEYUli46sD6BErRwvCfmqAW8XYyhT4EEiE7A2
bDlEzNykkcFDqsQ/LipSymCEfpIqXH+by0HMluhPSlFPKBqATBh1cMVKAV3</xenc:CipherValue>
      </xenc:CipherData>
    </xenc:EncryptedData>
  </soap:Body>
</soap:Envelope>

Figure 3: SOAP request message sent using the WSE 3.0 Adapter.

 

......
<s:Body u:Id="_1">
  <e:EncryptedData Id="_2" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:e="http://www.w3.org/2001/04/xmlenc#">
    <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
    <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
      <o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
        <o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">y8wAV8kV/KKascPxdSy3uFDyQX8=</o:KeyIdentifier>
      </o:SecurityTokenReference>
    </KeyInfo>
    <e:CipherData>
      <e:CipherValue>WsKcpTFyGqWzHbl/bKcH/QkmudOnEqXOyfvBRtrNRpcu64n8PdruHoWrjn
PphUxo01nzoGNWzrDgaQkdUqhXshG5B8xvEg0xrXFD0Co8UfEXEdX1SkZtzVQMoGUg7cWD</e:CipherValue>
    </e:CipherData>
  </e:EncryptedData>
</s:Body>
......

Figure 4: SOAP response received from the WCF service using the WSE 3.0 Adapter.
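When reviewing a message trace like the ones in Figures 3 and 4, it helps to confirm mechanically that the Body holds only xenc:EncryptedData and that the algorithm is the expected one. The following check is an added example, not part of the original post: the two sample messages are constructed (the CipherValue is a placeholder), and the function name and the choice of aes256-cbc as the expected algorithm are assumptions taken from the figures.

```python
import xml.etree.ElementTree as ET

SOAP11 = "{http://schemas.xmlsoap.org/soap/envelope/}"
XENC = "{http://www.w3.org/2001/04/xmlenc#}"
EXPECTED_ALGORITHM = "http://www.w3.org/2001/04/xmlenc#aes256-cbc"  # as in Figures 3 and 4

# Constructed messages: an encrypted request shaped like Figure 3 (CipherValue is a
# placeholder) and a plaintext fault, which the policy's <fault encryptBody="false"/> allows.
ENCRYPTED_REQUEST = """<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Header/>
  <soap:Body>
    <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
        Type="http://www.w3.org/2001/04/xmlenc#Content">
      <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
      <xenc:CipherData><xenc:CipherValue>Q09OU1RSVUNURUQ=</xenc:CipherValue></xenc:CipherData>
    </xenc:EncryptedData>
  </soap:Body>
</soap:Envelope>"""
PLAINTEXT_FAULT = """<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <soap:Fault><faultcode>soap:Server</faultcode><faultstring>constructed</faultstring></soap:Fault>
  </soap:Body>
</soap:Envelope>"""


def body_protection(envelope_xml, expected_algorithm=EXPECTED_ALGORITHM):
    """Summarise how the SOAP 1.1 Body of a captured message is protected."""
    root = ET.fromstring(envelope_xml)
    body = root if root.tag == SOAP11 + "Body" else root.find(SOAP11 + "Body")
    if body is None:
        raise ValueError("no SOAP 1.1 Body element found")
    children = list(body)
    encrypted = [c for c in children if c.tag == XENC + "EncryptedData"]
    plaintext = [c.tag.split("}")[-1] for c in children if c not in encrypted]
    algorithms = []
    empty_cipher = False
    for data in encrypted:
        method = data.find(XENC + "EncryptionMethod")
        algorithms.append(method.get("Algorithm") if method is not None else None)
        value = data.findtext(f"{XENC}CipherData/{XENC}CipherValue", default="")
        empty_cipher = empty_cipher or not value.strip()
    return {
        "encrypted": bool(encrypted) and not plaintext and not empty_cipher,
        "plaintext_elements": plaintext,
        "unexpected_algorithms": [a for a in algorithms if a != expected_algorithm],
    }
```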

Where are we?

The WSE 3.0 Adapter in its current version provides the features that allow BizTalk Server applications to interact with WCF services. Using the WSE 3.0 adapter, you can invoke WCF services that are WSE interoperable or expose BizTalk Server Orchestrations as WSE 3.0 Web Services that can be invoked from WCF clients. Using the WSE 3.0 Adapter, developers can build BizTalk applications that in the future will interact with the upcoming WCF adapter.

 

The source code of this sample will be uploaded to AdapterWorx in the following days.

 

3 Comments

  • Hello. I'm trying to configure the WSE adapter for quite a while, namely the WS-Security headers. I know how to encrypt the message and supply the credentials for the body but I'm failing on the header part. How on earth am I able to say I want the username and password sent in the header if the header doesn't have the referred section for configuration?

    Thanks a lot :)

    T.

  • Hello Jesus.

    I can't see the images on your website, on "Invoking WCF services from BizTalk Server using the WSE 3.0 adapter".

    I wanted to read your articles.

    regards
    Sudip

  • Where in the world does one get the WSE 3.0 adapter?