I have published an orchestration as a WCF web service using WCF_WSHttp bindings. I think we about the SSL certificate working. It will be open to the internet, thus anyone who knows the URL could call it and pass data; so we want to add user/pass authentication. We simply one the one client/vendor to have the ability to call this webservice, no one else.
I've been reading everywhere, and cannot find any specific steps. I think I want something like Scenario #4 here: https://seroter.wordpress.com/biztalk-and-wcf-part-ii-security-patterns/, but I cannot see how he got the "Client Credentials" box to pop-up in BT-2010.
Best I can tell is I have to:
1) In BizTalk Admin Console - set Security Mode to TransportWithMessageCredential.
2) From here: https://msdn.microsoft.com/en-us/library/bb226482.aspx, I'm a little confused about the difference between Windows and Username. An outside vendor is calling our webservice, so they are not on our domain. Do I need to set up a service account? Or can I just make up a username and insert it here somewhere?
3) Do I have to make corresponding changes to the WCF web.config that was created by the BT-2010 "WCF Servcie Publishing Wizard"