This is my second post about using Enterprise Single Sign-On (SSO) in BizTalk Server.
In this post I will show how to read mapped credentials from code, by redeeming the SSO ticket that the receive port attaches to the message.
First create a new affiliate application and a credential mapping as shown in the previous post.
- Create a new class library project called “Test.SSO”
- Add a reference to the assembly “Microsoft.BizTalk.Interop.SSOClient.dll”, located in “C:\Program Files\Common Files\Enterprise Single Sign-On”
- Add the following code to a new class called SSOManager (the unused using directives from the original have been dropped and comments added; the logic is unchanged)

```csharp
using System;
using System.Collections;
using Microsoft.BizTalk.SSOClient.Interop;

namespace Test.SSO
{
    public static class SSOManager
    {
        /// <summary>
        /// Get external application credentials.
        /// </summary>
        /// <param name="ticket">Credential ticket generated by the BizTalk receive port (BTS.SSOTicket).</param>
        /// <param name="appName">Affiliate application whose external credentials are wanted.</param>
        /// <param name="userAccount">Windows account the ticket was issued for (BTS.WindowsUser).</param>
        /// <returns>ArrayList holding the external user name followed by the mapped credentials, or null if nothing is mapped.</returns>
        public static ArrayList GetExternalApplicationCredentials(string ticket, string appName, string userAccount)
        {
            // The interop assembly lets the ISSOTicket interface be created directly (COM coclass).
            ISSOTicket ssoTicket = new ISSOTicket();
            string externalUsername;

            // Redeem the ticket: the SSO service checks the caller and the Windows user the
            // ticket was issued for, then returns the external credentials mapped for appName.
            string[] credentials = ssoTicket.RedeemTicket(appName, userAccount, ticket, SSOFlag.SSO_WINDOWS_TO_EXTERNAL, out externalUsername);

            if (credentials == null || credentials.Length == 0 || String.IsNullOrWhiteSpace(externalUsername))
            {
                return null;
            }

            ArrayList credentialsList = new ArrayList();
            credentialsList.Add(externalUsername);
            credentialsList.AddRange(credentials);
            return credentialsList;
        }
    }
}
```
- Create a new Orchestration called SSOOrch
- Add a reference to the class library created above
- Publish a new WCF service using the "WCF Service Publishing Wizard" and configure it for Basic authentication (http://msdn.microsoft.com/en-us/library/bb226564.aspx)
- Set the Orchestration receive location to receive messages from the service you just published
- Configure the receive location security area as in the following image, but with the "Use Single Sign-On" option checked. This is what makes the adapter issue an SSO ticket and store it in the BTS.SSOTicket context property of the message.
- Create an Orchestration variable called ssoMapping of type ArrayList
- Add a new Expression shape to the orchestration
- Add the following code to that Expression shape (TestApp is the name of the affiliate application created earlier; BTS.SSOTicket and BTS.WindowsUser are read from the context of the received message)
ssoMapping = Test.SSO.SSOManager.GetExternalApplicationCredentials(SSOOrch(BTS.SSOTicket), "TestApp", SSOOrch(BTS.WindowsUser));
- Complete the orchestration by adding a Send shape that writes to the file system.
- Deploy the orchestration and apply the usual configuration, but, very important, run it in a host instance whose service account belongs to an SSO application administrators group; the SSO service checks the account that redeems the ticket, and a host account outside that group will fail at RedeemTicket.
- Invoke the WCF service with one of the accounts you set in the SSO mapping.
- If you debug the orchestration, the ssoMapping ArrayList will hold 4 entries with the data you entered in "User Id", "MappedUser", "MappedPassword" and "MappedDomain", as shown in the next image. Keep in mind that MappedPassword is returned in clear text: treat the list as a secret, use it only to build the credential for the downstream call, and do not write it to the file system or to tracking outside of a test environment.
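As an added example (not part of the original post), the following class gives the orchestration a typed view over the ArrayList that SSOManager returns, so the consumer does not have to index into the list by position and the password is never included in what gets logged or dropped to disk. It assumes, as the post's screenshot suggests, that the affiliate application's fields come back in the order User Id, MappedUser, MappedPassword, MappedDomain; that ordering depends on how the affiliate application was defined, so adjust the indices if your application differs. The class and method names are hypothetical.

```csharp
using System;
using System.Collections;
using System.Net;

namespace Test.SSO
{
    /// <summary>
    /// Typed wrapper over the ArrayList returned by SSOManager.GetExternalApplicationCredentials.
    /// Marked [Serializable] so it can live in an orchestration variable outside an atomic scope.
    /// </summary>
    [Serializable]
    public sealed class MappedCredential
    {
        public string ExternalUserId { get; private set; }
        public string MappedUser { get; private set; }
        public string MappedDomain { get; private set; }

        // Kept private: the only way out is ToNetworkCredential(), never ToString().
        private readonly string mappedPassword;

        private MappedCredential(string externalUserId, string mappedUser, string mappedPassword, string mappedDomain)
        {
            ExternalUserId = externalUserId;
            MappedUser = mappedUser;
            this.mappedPassword = mappedPassword;
            MappedDomain = mappedDomain;
        }

        /// <summary>
        /// Builds the wrapper from the list the orchestration variable ssoMapping holds.
        /// Assumption (hypothetical): index 0 = User Id, 1 = MappedUser, 2 = MappedPassword, 3 = MappedDomain.
        /// </summary>
        public static MappedCredential FromList(ArrayList ssoMapping)
        {
            if (ssoMapping == null)
            {
                // SSOManager returns null when the ticket redeems but nothing is mapped for the app.
                throw new InvalidOperationException("No SSO mapping was returned for this user.");
            }
            if (ssoMapping.Count < 4)
            {
                throw new ArgumentException(
                    "Expected user id, mapped user, mapped password and mapped domain, got " + ssoMapping.Count + " entries.",
                    "ssoMapping");
            }

            return new MappedCredential(
                (string)ssoMapping[0],
                (string)ssoMapping[1],
                (string)ssoMapping[2],
                (string)ssoMapping[3]);
        }

        /// <summary>
        /// The credential a downstream call (for example a WCF send adapter or HttpWebRequest) needs.
        /// NetworkCredential is not serializable, so build it where it is used, not in an orchestration variable.
        /// </summary>
        public NetworkCredential ToNetworkCredential()
        {
            return new NetworkCredential(MappedUser, mappedPassword, MappedDomain);
        }

        /// <summary>
        /// Safe for tracking, event logs and the file drop the orchestration writes: the password is redacted.
        /// </summary>
        public override string ToString()
        {
            return String.Format(
                "userId={0}; mappedUser={1}\\{2}; mappedPassword=<redacted>",
                ExternalUserId, MappedDomain, MappedUser);
        }
    }
}
```

In the orchestration, replace the direct use of ssoMapping with `Test.SSO.MappedCredential.FromList(ssoMapping)` and send `.ToString()` to the file system if you want a visible result; the password stays inside the object and only reaches the network through `ToNetworkCredential()`.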
Hope this example helps you use SSO in BizTalk Server more easily.
Happy coding.