Handling of authentication for LOB Activities - Part II

  • Article

In the previous blog post, we went over how to pass authentication information for WCF SQL, WCF Oracle DB, WCF SAP and WCF Siebel adapters. WCF Oracle E-Business adapter poses some additional challenges since in some case two sets of credentials – one for the Oracle DB and one for the Oracle E-Business server – may be required. Below are few options that can be used to authenticate in such scenarios.

Using custom endpoint behavior

The approach is exactly the same as defined in the previous blog post. In addition to retrieving the Oracle DB credentials and populating the ClientCredentials behavior, we will additionally retrieve the Oracle E-Business credentials and populate the relevant binding properties with that information. 

 

        public void
            ApplyClientBehavior(
                ServiceEndpoint endpoint,
                ClientRuntime clientRuntime
            )
        {
            ClientCredentials clientCredentials = endpoint.Behaviors.Find<ClientCredentials>();
Debug.Assert(clientCredentials != null, "ClientCredentials behavior not present");

// TODO: Add your code to retrieve the credentials from a secure
            // store. For illustration purpose, the values are hard-coded
            clientCredentials.UserName.UserName = "Foo";
clientCredentials.UserName.Password = "Bar";

 

           // We expect the adapter binding element to be part of a custom

            // binding. Locate the Oracle EBS binding element in that

            CustomBinding customBinding = endpoint.Binding as CustomBinding;

            Debug.Assert(customBinding != null, "Binding is not a CustomBinding!");

            OracleEBSAdapter adapterBinding = customBinding.Elements.Find<OracleEBSAdapter>();

            Debug.Assert(adapterBinding != null, "Adapter binding element not present");

 

            // TODO: Add your code to retrieve the credentials from a secure

            // store. For illustration purpose, the values are hard-coded

            adapterBinding.OracleUserName = "FooApps";

            adapterBinding.OraclePassword = "BarApps";

        }

 
Putting the credentials in the configuration file

The Oracle E-Business credentials can be specified by setting the binding properties – oracleUserName and oraclePassword – in the configuration file. Note that this poses a security risk since the credentials are now stored in clear text in the config file. You need to ACL that file properly.

The Oracle DB credentials can be specified using any of the mechanisms specified in the previous blog post.

Sandeep Prabhu,
BizTalk Server Team