BizTalk Server includes Enterprise Single-Sign-On to store an encrypted mapping between a user’s Windows user ID and his credentials for the applications in an SSO database. BizTalk stores its configuration data centrally in the Single-Sign-On (SSO) database using the user ID for the BizTalk user.
In some cases custom configuration needs to be stored in a secure place. The custom configuration can for example be user credentials to applications or services that BizTalk communicates with. This article describes how to store key/value configuration in the SSO database and how to read this configuration in a BizTalk orchestration and a BizTalk pipeline.
In this case the configuration is stored in the SSO database by using the SSO Configuration Application MMC Snap-In. A client .NET assembly is created to read this configuration, and a static class in this assembly provides the values of the key/value pairs to the BizTalk orchestration and the BizTalk pipeline.
Microsoft provides the SSO Configuration Application MMC Snap-In to allow developers to exploit the same SSO store for any custom configuration purposes. The snap-in can be downloaded from this site: http://www.microsoft.com/en-us/download/details.aspx?id=14524.
When downloaded, unzip the files and run setup.exe.
The SSO Application Configuration console can be started from the Start menu.
To add a new application: Right-click the root node and select Add Application. Rename the new application.
To add a key value pair: Right-click the new application and select Add Key Value Pair. Enter the values and click the OK button. The key value pair can be amended or deleted later. Find the correct application in the list and right-click and select Properties or Delete on the key value pair.
To save the configuration: Click Save on the File menu. The configuration is now stored in the SSO database.
This application can be exported by right-clicking and selecting Export Application. An encryption key needs to be entered in order to do this. Use the same key to import the application in the new environment. Importing an application can be done by right-clicking and selecting Import Application.
There is also an MSBuild task that can be used to import the application into an environment. This task can be used to automate the deployment of the SSO Configuration data.
MyBizTalkApplication can be renamed to the name of the BizTalk application that this configuration applies to. To store user credentials, the keys can be renamed to "Username" and "Password" and given appropriate values.
Create a client .NET assembly
In this case a new class library project is created in Visual Studio and the class SSOClientHelper.cs is added. This class is found in the SSOConfigurationApplicationClientHelper folder after unzipping the files in the download above.
A reference to the Microsoft.BizTalk.Interop.SSOClient.dll is also added. This assembly is found in the Enterprise Single Sign-On folder where the installation was done when running the setup.exe above.
The code looks like this:
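using System;
using System.Collections.Specialized;
using Microsoft.BizTalk.SSOClient.Interop;
namespace MyCompany.Common.SSOClient
{
    // Property bag that the SSO store fills with the application's key/value pairs.
    public class ConfigurationPropertyBag : IPropertyBag
    {
        private HybridDictionary properties;
        internal ConfigurationPropertyBag() { properties = new HybridDictionary(); }
        public void Read(string propName, out object ptrVar, int errLog) { ptrVar = properties[propName]; }
        public void Write(string propName, ref object ptrVar) { properties.Add(propName, ptrVar); }
        public bool Contains(string key) { return properties.Contains(key); }
        public void Remove(string key) { properties.Remove(key); }
    }
    public static class SSOClientHelper
    {
        private static string idenifierGUID = "ConfigProperties";
        // Returns the value stored under propName in the SSO application appName.
        public static string Read(string appName, string propName)
        {
            try
            {
                SSOConfigStore ssoStore = new SSOConfigStore();
                ConfigurationPropertyBag appMgmtBag = new ConfigurationPropertyBag();
                ((ISSOConfigStore) ssoStore).GetConfigInfo(appName, idenifierGUID, SSOFlag.SSO_FLAG_RUNTIME, (IPropertyBag) appMgmtBag);
                object propertyValue = null;
                appMgmtBag.Read(propName, out propertyValue, 0);
                return (string) propertyValue;
            }
            catch (Exception e) { System.Diagnostics.Trace.WriteLine(e.Message); throw; }
        }
    }
}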
A method can be added to the SSOClientHelper class to write key/value pairs to the configuration store, but this class will only be used for reading values.
Sign the assembly with a Strong Name Key File, build it and install it in the GAC.
Read values from the SSO in a BizTalk orchestration
Add a reference to the client assembly above in a BizTalk project in Visual Studio.
In an Expression Shape in a BizTalk orchestration, the value of an SSO Configuration key can be read into a string variable:
strTestValue = MyCompany.Common.SSOClient.SSOClientHelper.Read("MyBizTalkApplication", "TestKey01");
MyBizTalkApplication is the application name that is used in the SSO Configuration store and TestKey01 is the key that the value will be read from. The value can now be used when constructing a message in the orchestration. For example, if the value is a username or password, it can be written to a security header in a request that is going to be sent to a service.
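Added example (not part of the original article or of the Microsoft download): one way to load the "Username" and "Password" keys before they go into a security header, failing closed when a key is missing and keeping the secret out of error text. SsoCredentialLoader, Demo and the injected read delegate are hypothetical names; in BizTalk, pass SSOClientHelper.Read as the delegate. The in-memory store and its values are constructed so the example runs without BizTalk installed.

```csharp
using System;
using System.Collections.Generic;
using System.Net;

// Hypothetical helper, not part of the SSO client download.
public static class SsoCredentialLoader
{
    // 'read' is the lookup to use; in BizTalk pass SSOClientHelper.Read from the client assembly.
    public static NetworkCredential Load(Func<string, string, string> read, string appName)
    {
        string user = Require(read, appName, "Username");
        string password = Require(read, appName, "Password");
        return new NetworkCredential(user, password);
    }

    // A key that is absent from the application comes back as null from the property bag,
    // so fail closed here instead of sending an empty security header.
    private static string Require(Func<string, string, string> read, string appName, string key)
    {
        string value = read(appName, key);
        if (string.IsNullOrEmpty(value))
        {
            // Name the application and key only; never put the value itself in a message or trace.
            throw new InvalidOperationException(
                "SSO application '" + appName + "' has no value for key '" + key + "'.");
        }
        return value;
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed stand-in for the SSO store (sample values, not real credentials).
        var store = new Dictionary<string, string> { { "Username", "svc-orders" }, { "Password", "constructed-sample" } };
        Func<string, string, string> read = (app, key) =>
        {
            string v;
            return store.TryGetValue(key, out v) ? v : null;
        };

        NetworkCredential cred = SsoCredentialLoader.Load(read, "MyBizTalkApplication");
        Console.WriteLine("Loaded credentials for " + cred.UserName); // the password is not printed

        store.Remove("Password");
        try { SsoCredentialLoader.Load(read, "MyBizTalkApplication"); }
        catch (InvalidOperationException ex) { Console.WriteLine(ex.Message); }
    }
}
```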
Read values from the SSO in a BizTalk Pipeline
A custom pipeline component can be created to read the values from SSO, using the SSOClient, and then added to an appropriate stage in a receive or send pipeline.
A reference to the client assembly needs to be added in the class library project in Visual Studio where the custom pipeline component is created.
Add the following statement in the custom pipeline component class file:
The value can then be read anywhere in the code:
string testValue = SSOClientHelper.Read("MyBizTalkApplication", "TestKey01");
Build and deploy the custom pipeline and the custom pipeline component as normal.