In real-world scenarios, monitoring all the HTTP endpoints in an environment is a complex process. Constantly checking that the web endpoints are running and produce the expected results for each execution is tedious. In a BizTalk environment, the health of web endpoints is vital for processing data between multiple applications and partners, and having BizTalk Administrators manually monitor the health and results of web endpoints for every execution is cumbersome. To overcome this challenge, Web Endpoint Monitoring was introduced in BizTalk360 during the 7.x versions, and it has received positive feedback. We are constantly improving this feature. In version 8.1, it gained functionality such as configuring custom HTTP headers and payload details, as well as response configuration such as Return Code Alerts, Keyword Alerts and Response Time Alerts for every monitored web endpoint.
Web Endpoint monitoring is important in BizTalk integration. Based on the feedback received, we decided to further improve Web Endpoint monitoring to meet customers' business needs. Most of the customers who provided feedback requested support for additional authentication methods in web endpoints, such as:
- SSL client certificate support to Basic & Windows authentication
- Azure Services
Additional Authentication Support
Prior to BizTalk360 version 8.9, Web Endpoint monitoring supported only Windows authentication to monitor the endpoints. From version 8.9 on, BizTalk360 Web Endpoint authentication is extended to support:
- Basic Authentication
- Certificate Authentication
- Azure Services Authentication
Below, we take a closer look at each of the added authentication methods.
1. Basic Authentication
In the context of an HTTP transaction, Basic Access authentication is a method for an HTTP user agent to provide a user name and password when making a request. To unauthenticated requests, the server should return a response whose header contains an HTTP 401 Unauthorized status and a WWW-Authenticate field. In the BizTalk Admin Console, an HTTP endpoint can provision Basic authentication with a username and password.
2. Certificate Authentication
For monitoring HTTP web endpoints with SSL certificate settings, a client certificate thumbprint is provided in BizTalk HTTP transport properties, along with user name and password. A client-based certificate thumbprint is used to negotiate the server-side certificate.
BizTalk HTTP Transport Properties:
Similarly, in BizTalk360, the authentication type of Basic or Windows, along with the client certificate thumbprint, is configured in the Authorization section of Web Endpoint monitoring.
Note: Client certificates must be installed in the machines where BizTalk360 Web and Monitoring services reside.
3. Azure Services Authentication
To be able to use Azure Services Authentication, a Service Principal must be configured in Azure. A Service Principal is an application within Azure Active Directory whose authentication tokens can be used as the client Id, client secret, and tenant fields (the subscription can be independently recovered from your Azure account details). Using the Service Principal, a Bearer Token is generated, and authentication takes place at the Web Endpoint.
There are two tasks needed to create a Service Principal via the Azure Portal:
- Create an Application in Azure Active Directory (which acts as a Service Principal)
- Grant the Application access to manage resources in your Azure Subscription
You can check how to create a Service Principal in the Azure Portal.
Content Type Support
The Content-Type entity header is used to indicate the media type of the resource. In responses, a Content-Type header tells the client what the content type of the returned content is. In some cases, browsers will do MIME sniffing and will not necessarily follow the value of this header. To prevent this behavior, the header X-Content-Type-Options can be set to “nosniff”. In requests (such as POST or PUT), the client tells the server what type of data is sent.
BizTalk360 8.9 extends the support to additional content types in request and response objects:
- SOAP (1.2) Content Type: “application/soap+XML” is a SOAP 1.2 content type which is added to the list. With this additional content type, SOAP V1.2 protocol is supported in web endpoint monitoring. The user can configure the XPath conditions to monitor the SOAP 1.2 endpoints, based on the results of the execution.
- Custom Content Type: When the Endpoint Request/Response content types are not supported by BizTalk360, the Web Endpoint throws an HTTP 415 Unsupported Media Type. To prevent this from happening, you can configure custom content types. From the Request/Response content type drop-downs, BizTalk360 allows you to select a custom content type. When this option is chosen, users can enter content types which are not supported by BizTalk360 out of the box, like:
- application/vnd.ms-excel (VDN)
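The 401 challenge from the Basic Authentication section and the 415 rejection described above, as an added example that is not BizTalk360 code: a constructed loopback endpoint and a monitoring-style probe that returns the status code and the two relevant response headers. The credentials, the accepted media types and all function names are assumptions made for the demonstration.

```python
import base64, hmac, http.client, threading
from http.server import BaseHTTPRequestHandler, HTTPServer

USER, PASSWORD = "monitor", "constructed-secret"         # constructed credentials
ACCEPTED = {"application/soap+xml", "application/json"}  # assumed endpoint policy

def basic_header(user, password):
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

class Endpoint(BaseHTTPRequestHandler):
    """Constructed stand-in for a monitored web endpoint."""
    def log_message(self, *args): pass                   # silence request logging
    def reply(self, code, headers=()):
        self.send_response(code)
        for name, value in headers:
            self.send_header(name, value)
        self.send_header("Content-Length", "0")
        self.end_headers()
    def do_POST(self):
        self.rfile.read(int(self.headers.get("Content-Length", 0)))
        sent = self.headers.get("Authorization", "").encode()
        if not hmac.compare_digest(sent, basic_header(USER, PASSWORD).encode()):
            return self.reply(401, [("WWW-Authenticate", 'Basic realm="endpoint"')])
        media_type = self.headers.get("Content-Type", "").split(";")[0].strip().lower()
        if media_type not in ACCEPTED:
            return self.reply(415)                       # Unsupported Media Type
        self.reply(200, [("X-Content-Type-Options", "nosniff")])

def probe(port, content_type, auth=None):
    # One monitoring request: (status, WWW-Authenticate, X-Content-Type-Options).
    headers = {"Content-Type": content_type}
    if auth:
        headers["Authorization"] = basic_header(*auth)
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("POST", "/", body=b"<ping/>", headers=headers)
    resp = conn.getresponse()
    conn.close()
    return resp.status, resp.getheader("WWW-Authenticate"), resp.getheader("X-Content-Type-Options")

def run_demo():
    with HTTPServer(("127.0.0.1", 0), Endpoint) as server:
        threading.Thread(target=server.serve_forever, daemon=True).start()
        port, creds = server.server_port, (USER, PASSWORD)
        try:
            return [probe(port, "application/soap+xml"),            # no credentials
                    probe(port, "text/csv", creds),                 # type not accepted
                    probe(port, "application/soap+xml; charset=utf-8", creds)]
        finally:
            server.shutdown()
```

Loopback HTTP is used only so the example runs offline; Basic credentials are merely base64-encoded, so a real endpoint should be probed over TLS.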
Deprecation of TLS 1.0
The TLS 1.0 encryption protocol can no longer be used for secure communications in most industries, such as PCI (Payment Card Industry). All web servers and clients must transition to TLS 1.1 or above. This deprecation will primarily affect non-browser software, APIs, and other internet infrastructure. Older versions of development tools which don’t support TLS 1.2, such as curl, are still widely in use, either directly by developers or as dependencies bundled into other software.
Previously, BizTalk360 Web Endpoint monitoring threw an error when TLS 1.0 was disabled. From BizTalk360 version 8.9, Web Endpoint monitoring supports the TLS encryption protocol (TLS 1.1 and TLS 1.2) when TLS 1.0 is disabled.
The Web Endpoint monitoring improvements in this version will be helpful for monitoring additional web endpoints. BizTalk Administrators and Developers can use the powerful Web Endpoint Monitoring feature in BizTalk360 with the additional authentication types and content types.