Party Resolution Pipeline Component
Overview
The responsibility of the Party Resolution pipeline component is to map the sender certificate or the sender security identifier (SID) to the corresponding configured BizTalk Server party.
When the Party Resolution component reads the incoming message, it takes two message context properties as input: WindowsUser and SignatureCertificate. The WindowsUser property is populated by the adapter, or by a custom pipeline component, with the user name of the sender when it can reliably derive the sender information. The SignatureCertificate is populated by the adapter or the MIME/SMIME Decoder pipeline component with the thumbprint of the client authentication certificate.
If the message is signed, the thumbprint of the certificate that was used to validate the signature on the inbound message is then used to look in the Configuration Repository to determine which party it is associated with. If a party is found, the SourcePartyID for that party is placed in the context of the message as the originator of the message.
To enable the Party Resolution pipeline component to validate a Windows user, you must add the "WindowsUser" alias to a party. Type "WindowsUser" in the Name and Qualifier fields and set the Value to a user name in format of <domain\user name> (e.g. SOMEDOMAIN\someuser). In a stand-alone scenario, the WindowsUser value used to configure the party should match the value that is set by the receive adapter.
If the message arrives at the Party Resolution component with both of the properties stamped, the Party Resolution component first tries to resolve the party by the certificate (assuming the Resolve Party By Certificate property is set to True). If the party is resolved, the SourcePartyID for that party is placed in the context of the message as the OriginatorPID of the message if the host process running the pipeline is marked as Authentication Trusted by the pipeline. If the party resolution cannot be completed by using the certificate, the OriginatorPID value on the message is stamped with "s-1-5-7", which is the SID of an anonymous user. For more information about the OriginatorPID property, see How to Secure Pipelines.
Resolve the party
The following table shows how the Party Resolution pipeline component attempts to resolve the party.
| By SID | By certificate | WindowsUser | SignatureCertificate | Result |
|---|---|---|---|---|
| True | False | Available | Available or unavailable | Party is resolved. |
| True | False | Unavailable | Available or unavailable | Party is not resolved and is stamped as anonymous. |
| False | True | Available or unavailable | Available or unavailable | Party is not resolved and is stamped as anonymous. |
| True | True | Available | Available | Party is resolved. |
| True | True | Unavailable | Available or unavailable | Party is not resolved and is stamped as anonymous. |
| False | False | Available or unavailable | Available or unavailable | Party is not resolved and is stamped as anonymous. |
For information about configuring the Party Resolution pipeline component, see How to Configure the Party Resolution Pipeline Component.