From my understanding of BizTalk Services (Identity, Connectivity and Workflow) so far, the word BizTalk doesn't really mean much (at least at the moment, with the currently live Identity and Connectivity (aka Relay) services). Maybe it will make sense once ServiceBus is live. There is nothing offensive here. It makes more sense on the Windows Communication Foundation (WCF) front than on the BizTalk front.
What is Identity Service?
The Identity Service is a way of authenticating end users and connected systems. It is similar (though not identical) to Microsoft's Passport effort a few years back, a one-stop shop for your authentication needs. The Identity Service (previously called the Secure Token Service, STS) uses Windows CardSpace technology to authenticate clients (both users and connected systems) using claims-based access control. To use any other service, such as Connectivity, authentication must first be performed via the Identity Service, so creating an Identity Service account is mandatory (Create New Account). On the client side, IE 7.0 is required.
What is Connectivity Service?
The Connectivity Service is also called the Relay Service, and it provides two main functions:
1. The ability to create a listening endpoint (a WCF endpoint) at the relay service, and
2. The ability to send and receive messages to and from that endpoint.
A listening endpoint is created by configuring an application to listen on a public address (ex: net.relay://connect.biztalk.net/services/SARAVANA_W2003/HelloWorld/). If that address is available and the user is authorized, the relay service starts listening on that address on behalf of the application. The following config code snippet shows how you create a listening endpoint on the relay service from your WCF service application.
Microsoft has built some WCF bindings specifically for this, called Relay Bindings, to make integration with the Relay Service seamless.
How Identity Service and Connectivity service fit together:
The following figure shows a high-level overview of how the two services (Identity and Connectivity) work together.
Server Authentication and establishing a Listening endpoint:
Step #1: An application behind a firewall (example: HelloWorld Service) requests a security token for the Relay Service from the Identity Service.
Step #2: The Identity Service responds with the appropriate token (assuming that "HelloWorld Service" could successfully authenticate to the service).
Step #3: "HelloWorld Service" initiates a connection to the Relay Service and asks to listen on a particular address (ex: net.relay://connect.biztalk.net/services/SARAVANA_W2003/HelloWorld/). If the address is available and "HelloWorld Service" is authorized, a listening endpoint is created.
Step #4: The Client application requests a security token for the Relay Service from the Identity Service.
Step #5: The Identity Service responds with the appropriate token (assuming the Client could successfully authenticate).
Sending and Receiving Messages:
Step #6: The Client formulates the application message and sends it to “HelloWorld Service” address on the Relay Service (Ex: net.relay://connect.biztalk.net/services/SARAVANA_W2003/HelloWorld/). The Client includes the security token it received in Step #5.
Step #7: The Relay Service forwards the application message down the open TCP connection to “HelloWorld Service”.
Step #8: “HelloWorld Service” creates an application response and sends it back to the Relay Service.
Step #9: The Relay Service completes the outstanding HTTP request with an HTTP response containing the application response message.
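The nine-step flow above, as an added model written for this post rather than code from the post or from the BizTalk Services SDK. The token format (user:hmac), the signing key shared between the two services, and the address-ownership table are assumptions standing in for the real Identity Service (CardSpace claims) and Relay Service; what the model shows is which checks each side performs before a listener is created (step 3) or a message is relayed (steps 6-9).

```python
import hashlib
import hmac
import secrets

# Constructed sample values: the address is the one quoted in the post; the secrets are placeholders.
HELLO_ADDRESS = "net.relay://connect.biztalk.net/services/SARAVANA_W2003/HelloWorld/"
ACCOUNTS = {"HelloWorldService": "svc-secret", "Client": "client-secret"}


class IdentityService:
    """Steps 1/2 and 4/5: issue a relay token only to callers that authenticate.
    Token format (user:hmac) is an assumption; the real STS issues CardSpace claims."""
    def __init__(self, accounts):
        self._accounts = accounts
        self._key = secrets.token_bytes(32)  # assumed signing key shared with the relay

    def _tag(self, user):
        return hmac.new(self._key, user.encode(), hashlib.sha256).hexdigest()

    def request_token(self, user, secret):
        if self._accounts.get(user) != secret:
            return None  # authentication failed: no token, hence no relay access
        return f"{user}:{self._tag(user)}"

    def validate(self, token):
        user, _, tag = token.partition(":")
        return user if hmac.compare_digest(tag, self._tag(user)) else None


class RelayService:
    """Step 3 creates a listener; steps 6-9 relay one request/response pair."""
    def __init__(self, identity, owners):
        self._identity = identity
        self._owners = owners      # address -> account allowed to listen there (assumed ACL)
        self._listeners = {}       # address -> handler standing in for the open TCP link

    def listen(self, token, address, handler):
        user = self._identity.validate(token)
        # The address must be free AND the authenticated caller must be authorized for it.
        if user is None or address in self._listeners or self._owners.get(address) != user:
            return False
        self._listeners[address] = handler
        return True

    def send(self, token, address, message):
        if self._identity.validate(token) is None:
            return 401, None   # step 6: missing or invalid token, nothing is relayed
        handler = self._listeners.get(address)
        if handler is None:
            return 404, None   # nobody is listening on that address
        return 200, handler(message)  # steps 7-9: forward, collect response, complete request
```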
Hope this gives a basic understanding of the Identity and Connectivity services. The documentation at the moment is very thin; I'd recommend downloading the SDK, which has some good samples to start with.