Disabling Itinerary Encryption in the ESB Toolkit 2.0

  • Article

Those of you that worked with the CTP of the ESB Toolkit 2.0 will notice a new feature in the final release, namely "Itinerary Encryption". The Itinerary Design now allows you to use a certificate to encrypt your itineraries before you export them out of Visual Studio. This is a key new piece of functionality since your itineraries may potentially contain sensitive configuration information or sensitive processes that you do not want to leave exposed as open text XML.

In the properties window for the Itinerary Designer you can see a new property called "Encryption Certificate". You can use this property to select a certificate from a certificate store.

Now as important as this option is, what I'm going to write about is how to disable this.  On my dev machine, I did not have any valid certificates installed, so I wasn't able to select one to use or encryption. This prevented me from validating or exporting my itinerary since the validation tool kept throwing an error. Since this was only a dev machine, I didn't care about the security of these itineraries, so I really wanted to disable this feature so that I could keep working. Fortunetly, there is a simple and easy way to do this.

If you have installed the ESBT to the default location, you should be able to find a file called "ruleset.config" in the "C:\Program Files\Microsoft BizTalk ESB Toolkit 2.0\Tools\Itinerary Designer" folder. This file contains a list of validation rules the the Itinerary Designer uses when validating or exporting your itinerary.  If you open this file in Visual Studio, you will find a node called <property name="EncryptionCertificate">. Inside this node, you will see there are two rules that define how the validation of certificates should be handled. The first rule is the one the designer uses by default and it says that an error should be thrown if you do not have a certificate assigned. I commented out this rule and when I ran the validation routine again, I only received a warning message about the lack of a cert. I was then able to export my itinerary.  Here's what the modified file looked like for my system.

<property name="EncryptionCertificate">
<!--<validator type="Microsoft.Practices.Modeling.Validation.X509CertificateContainerValidator, Microsoft.Practices.Modeling.Validation"
messageTemplate="A X509 Certificate is required in the model property '{0}' to encrypt any sensitive property in the designer."
name="EncryptingCertificate validator"/>-->
<!-- Warning message when not enforcing encryption -->
<validator type="Microsoft.Practices.Modeling.Validation.X509CertificateContainerValidator, Microsoft.Practices.Modeling.Validation"
messageTemplate="Some data may not be secured because no X509 Certificate was specified in the model property '{0}'."
tag="Warning"        
name="EncryptingCertificate (warning) validator"/>
</property>

Cheers and keep on BizTalking

Peter