In our production environment, We have around more than 40 SFTP/WCF send/Receive ports /locations, Whenever there are any changes in interfaces we have to undeploy complete interface and redeploy with changes, Each time operations team are spending enormous amount of time entering passwords for SFTP and WCF ports, Is there any way we can automate this process? We dont want to store passwords in binding file in clear text format.

Please let me know what is the efficient way to handle this situation

• Edited by btsSR Thursday, January 30, 2014 8:41 PM update

1. If you can't change the application, then consider writing a tool that creats a temp binding file with passwords for import.  If they're there, passwords will import.  Then delete that bindine file.

2. For the WCF Ports, if you can change the app, you store the passwords in SSO and set the Affiliate application on the Credentials tab.  You would only have to configure this and setup the Affiliate Application once.  Unfortunately, the SFTP Adapter does not support the SSOAA option at this point.  The FTP(S) Adapter however does.

The change to the app is adding an SSO Ticket to the message context.  Here's a Pipeline Component sample: http://code.msdn.microsoft.com/Use-single-signon-with-FTP-b6414ce8

You can also set the BTS.SSOTicket property in an Orchestration.

How about XMLPreprocessor to change passwords?

What do you mean by XMLPreprocessor?  There's no way to inject code into the Binding File Import process.

If you mean preprocess the Xml Binding File to add passwords, then that's option #1.  Take the stored Binding File without passwords and run a tool to add passwords.  Import the resulting Binding File, then delete.

Hi,

In one of the client place where similar to you they had many binding configurations with sensitive password in it, so we followed this approach:

• When you export the bindings this would have the entire binding configuration. Out of this complete binding, create a subset of binding file, which would only have configurations which need passwords in it. (or you can use the complete binding you have extracted)

• Then we following BTDFs SettingsFileGenerator.xml approach. Where we created a excel file, which will have different passwords for different environments. i.e. an SFTP port may have different password for test and production environments. This excel would be similar to this .Save this excel file as XML.

• Update the subset binding file which we extracted earlier with placeholder in the password section. Something like $ClientAPortPassword for Port1, $ClientBPortPassword for Port2 etc.

• We developed a C# application which would take 3 parameters:

1- Environment for which youre trying to create the binding file with password in it

2- Subset binding file (which has placeholder variables in it for passwords)

3- SettingsFileGenerator.xml file which you created out of Excel file.

This C# would replace all the placeholders with relevant passwords from SettingsFileGenerator.xml file based on the chosen environment.

• Once binding file has been created from the C# tool, import the binding and delete it.

From now on, whenever you need to do any changed to the binding, you have a process to follow, which can easily generate the binding files with password for different environment easily.

Thanks for your reply, Where do you place password? In SettingsFileGenerator.xml file? Is it going to be visible to the person whoever generating binding file?

Any of the binding file solutions will have clear-text passwords at some point which would, without additional customization work, be visible to the operator.

Once entered, SSO passwords are never clear-text on the BizTalk side.

Yes, credentials are going to be visible in this binding. Its like a datastore where you would store credentials. This XML ( it's a Excel file saved as XML file) can be protected using password and restricting user to use it.

Using SettingsFileGenerator.xml and generating a binding file from it, is one of the ideas which you can utilize. If your not conformable with the password being visible in this file, you can create a similar data store where passport details are encrypted. And while creating the binding file, you decrypt the data and use it in the binding file as your preference.