I spent several hours last week banging my head against the proverbial brick wall while trying to identify the correct certificate store to be used for authentication by the HTTP Send Adapter – as the answer is a little obscure on the interweb, I’m posting the information here to help any weary BizTalk traveller in the future….
First, the obligatory background: The HTTP Send Adapter can use a public key certificate to identify itself as part of a two-factor authentication process when accessing a website (two-factor authentication ensures you are who you say you are by asking for information you know (i.e. username/password) and something you have (i.e. a RSA SecureID Token or a public key certificate)). The certificate it uses to perform this authentication is identified by the ‘SSL Client Certificate Thumbprint’ value of the Authentication tab on the adapter config dialog box, as shown to the left:
The adapter looks in the Personal Certificate Store of the user under which the BizTalk Windows Service is running, as detailed in the HTTP Send Adapter page on MSDN. Note that this is different to certificates used on the Send and Receive Ports and on Hosts, the settings for these can be found on MSDN at Certificate Stores that BizTalk Server 2006 Uses (which annoyingly doesn’t document the HTTP adapter).
More information on using two-factor authentication can be found at WindowsSecurity.com, however this article focuses on an end-to-end solution for securing a corporate web-site and is not very BizTalk specific; probably a good excuse to write a post on it in the future!