how should i design security approach in BizTalk?

Home Page Forums BizTalk 2004 – BizTalk 2010 how should i design security approach in BizTalk?

Viewing 1 reply thread
  • Author
    Posts
    • #14257

      hi guys,

      i have an orchestration that publishs as a Web Service and i have a web client that sends request and wait for response from this Web Service. The orchestration needs to retrieve data from Oracle DB using Oracle Adapter. Oracle DB has a seperate log-on user.

      In my web client, i create a log-on (for oracle) screen for a user. How can i design security issue here with BizTalk? Since when i create an adapter i use ODBC with a specific oracle User/Passwd also when i create a send port i also define another user/passwd in DB transport properties page.
      How can i dynamically use a log-on that a user entered in the client web to connect to oracle?

      Do i need Enterprise Single Sign-on, but that will impersonate only if the user has a Windows user? what about if a user connect from other non-Windows OS machine. It’s getting complicate for me 😥 pls help

    • #14258

      As I understand it, the Oracle Adapter is using a System DSN rather then the user id and password setting you put inside the adapter configuration.

      I do not know if it is possible to have this dynamic – might want to try adding an additional field in the table and pass in the user id as a value (if this is possible).

      If the Oracle Adapter doesn’t work for you, you might want to use simple .net call inside an Orchestration. You have more flexibility to pass in user id and passwords.

      ESS could be used to store passwords and I think it could be used to do some type of validation but I have not used it enough to know if this would really help you. I don’t think you would have to use it in your scenario.

      Hope this helps.

Viewing 1 reply thread
  • The forum ‘BizTalk 2004 – BizTalk 2010’ is closed to new topics and replies.