Enable Basic Authentication with BizTalk Deployment Framework (BTDF)
I was having a problem with getting Basic Authentication into BizTalk’s automatic deployment. It’s not something you want to have your administrators do after each deployment, especially not if you have many web services deployed. So I needed a solution for this, but was not succeeding online for my BizTalk specific case. There’s just no way to do it out-of-the-box with the BizTalk Deployment Framework.
There’s a pretty easy way to automatically set web services to Basic Authentication after deployment though, and that’s using a post deployment instruction in the BizTalk Deployment Framework.
Adding website deployment in the BizTalk Deployment Framework’s configuration file is not that hard. It needs some setup, but it will basically come down to adding the VDirList in an ItemGroup. A more comprehensive guide can be found in the help document of the BizTalk Deployment Framework.
Setting Basic Authentication
Setting the authentication is not possible with the basic instructions included in the VDirList. For that we need to use appcmd.exe and do it ourselves. Appcmd.exe is located in your Windows\System32\inetsrv and it’s not part of your PATH.
So after the deployment, the settings should be changed. The BizTalk Deployment Framework offers the Target CustomPostDeployTarget for this.
What we need to do is the following
- Add CustomDeployTarget to the BTDF project file (btdfproj).
- Add some commands inside the Target and use appcmd.exe to make sure Basic Authentication gets enabled. Meanwhile it is a smart idea to disable Anonymous authentication for that service as well.
The following appcmd-command is needed to enable Basic Authentication in the Default Web Site and only on the RobsAwesomeWebservice application.
appcmd.exe set config "Default Web Site/RobsAwesomeWebservice" -section:system.webServer/security/authentication/basicAuthentication /enabled:"True" /commit:apphost
You need to add a couple of parameters for the specific website:
- The SITE and APPLICATION. In this example Default Web Site/RobsAwesomeWebservice
- The SECTION. In this example -section:system.webServer/security/authentication/basicAuthentication
- The VALUE. In this example /enabled:”True”
- And last but not least, say that you want to commit the changes with /commit:apphost.
In the end, the instruction should look like this. You may also want to add environment settings to the mix. E.g. setting certain authentication modes to True or False for each environment. I can imagine you don’t want Basic authentication on your local machine.
<!-- Enable BASIC authentication -->
<Exec Command=""C:\Windows\System32\inetsrv\appcmd.exe" set config "Default Web Site/RobsAwesomeWebservice" -section:system.webServer/security/authentication/basicAuthentication /enabled:"True" /commit:apphost" />
<!-- Disable ANONYMOUS authentication -->
<Exec Command=""C:\Windows\System32\inetsrv\appcmd.exe" set config "Default Web Site/RobsAwesomeWebservice" -section:system.webServer/security/authentication/anonymousAuthentication /enabled:"False" /commit:apphost" />
And that’s that. Run your msi and notice Basic authentication is automatically enabled after deployment.