Mark Middlemist on Thu, 13 Feb 2014 13:06:44

Hi all

I'm working to send messages to an Azure BizTalk Services endpoint from c#, and after hitting this bug have also reproduced the following using the MessageSender example, so I'm assuming this isn't so much a code bug but a lack of understanding of ACS principles in my case.

When using the "Send Test Message" function in the BizTalk services section in server explorer the messages send fine, but in my code the send to the bridge endpoint throws a 401. Examining with fiddler the actual message is "40104 - Invalid authorization token audience"

I've checked that the ACS token issued is correct and the claims are correct (has both Manage and Send)

When calling ACS token service the required audience, from looking at the MessageSender code, is the full address of the bridge endpoint, with https replaced with http


Posting to bridge address mean the ACS token audience is - is this correct?

Many Thanks in advance for any help you can offer




Shailesh Agre on Fri, 14 Feb 2014 07:00:49

Hi Mark,

Can you please confirm which ACS user is being used here?
What works with BizTalk service is
Under Access Control Namespace management portal (ACS namespace that the WABS is using), on the left side under Service Settings click on Service Identities
Click on owner
Then click on password - show password - and copy paste it.
If you have added customer user account (service identity) and trying to use it, it may fail.
Don't use ManagementClient identity from Administration - Management Service section.
Also, WABS does not support Symmetric Key.