question with windows authentication with BTS server


    • #21119

       If we connect using Windows authentication, does the map execute in the context of the user who submitted the message or the BTS service account context? For example, if we execute a SQL lookup in a map, will it use the per-user context or the BTS context? If it uses the per-user context, then it seems like this could be another (perhaps better) way to look up the information versus having to get it out of the message context.

    • #21124

      No, BizTalk will use the BizTalk service account context. You can specify a SQL login in the connection string if you want. BizTalk does have a provision for passing the user account context along with the message: Single Sign-On (SSO). Many BizTalk adapters have SSO support, although maps and functoids do not. Another option might be to use the SQL adapter instead of a map to access SQL Server. The SQL adapter and SSO might be a solution for you. (I don’t know whether the SQL adapter supports SSO; you would need to do some research.)

      • #21126

         Thanks for the reply, Ruselw. So you said BizTalk does have a provision for passing the user account context along with the message. Can you please tell me how to do this?

         Thanks

        • #21135

          Yes, BizTalk has a provision for carrying the original user account context along with the message (kind of). It is called single sign-on (SSO). It is designed to allow you to store mappings between AD accounts and other system accounts, such as databases or mainframes. Many BizTalk adapters support SSO and will automatically look up the sign-on credentials from SSO and use them to call out to external systems. In an SSO scenario, when BizTalk receives a message it attaches an SSO ticket to the message that outbound adapters can use to perform SSO lookups. You might be able to use this SSO ticket to flow the original user credentials along with the message. Unfortunately, this is pretty complicated to set up, but it is probably your best bet to get your scenario working. I’ve never had this specific requirement, so I don’t know exactly how to do it. This link would be a good place to begin research: http://msdn.microsoft.com/en-us/library/ms942599.aspx

          A good workaround might be to stand up a WCF service in front of (or instead of) BizTalk and do the lookup there where user impersonation is easy.
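
A sketch of the WCF workaround from the last reply, added here as an illustration and not code from any poster in this thread: a self-hosted service whose operation impersonates the Windows caller, so the SQL lookup logs in as that user instead of the service account. The contract, the `SQLHOST`/`LookupDb` connection string, the `dbo.Lookup` table and the endpoint address are all assumed placeholders.

```csharp
using System;
using System.Data.SqlClient;
using System.Security.Principal;
using System.ServiceModel;

[ServiceContract]
public interface ILookupService   // hypothetical contract
{
    [OperationContract] string Lookup(string key);
}

public class LookupService : ILookupService
{
    // Placeholder server and database. Integrated Security makes SQL Server
    // authenticate whichever Windows identity the calling thread carries.
    const string ConnStr = "Server=SQLHOST;Database=LookupDb;Integrated Security=SSPI;";

    // Required: WCF impersonates the caller for the duration of this method.
    // Without it the query runs as the host process account, which is the
    // behaviour the first reply describes for a BizTalk map.
    [OperationBehavior(Impersonation = ImpersonationOption.Required)]
    public string Lookup(string key)
    {
        WindowsIdentity caller = ServiceSecurityContext.Current.WindowsIdentity;
        // An Identification-level token can be inspected but cannot open
        // resources, so fail clearly instead of with an obscure login error.
        if (caller.ImpersonationLevel < TokenImpersonationLevel.Impersonation)
            throw new FaultException("Client must allow impersonation.");
        using (var conn = new SqlConnection(ConnStr))
        using (var cmd = new SqlCommand(
            "SELECT LookupValue FROM dbo.Lookup WHERE LookupKey = @key", conn))
        {
            cmd.Parameters.AddWithValue("@key", key);
            conn.Open();                          // logs in as the caller
            return cmd.ExecuteScalar() as string; // null when no row matches
        }
    }
}

public static class Program
{
    public static void Main()
    {
        // NetTcpBinding defaults to transport security with Windows credentials.
        var host = new ServiceHost(typeof(LookupService));
        host.AddServiceEndpoint(typeof(ILookupService), new NetTcpBinding(),
            "net.tcp://localhost:8081/lookup");
        host.Open();
        Console.ReadLine();
        host.Close();
    }
}
```

The client has to set `ClientCredentials.Windows.AllowedImpersonationLevel` to `Impersonation`, because the WCF default is `Identification`. If SQL Server runs on a different machine from the service, the impersonated login is a second hop and needs Kerberos delegation configured for the service account.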
