I have a big issue in the Dutch Bank about resubmitting messages from BizTalk 360. I have a http receive location that can be use to resubmit messages. It takes a long time to finally get it worked, but now anybody who knows the uri can submit an message in the message box this message can be a bank transaction to your own account :). So only BizTalk 360 may resubmit these messages to the uri. At this moment anybody with a wcf client can put a message in the messagebox because you can log in with anonymous. Is there a security way to solve this problem, because otherwise they can not use this functionallity and this was one of the reason they want to have BizTalk 360.

I want to protect the HTTP web service, for anyone who know the url for example the developers. Because he can put any message in the message box with anonymous login. Is there a way to protect this. The best way is to create a white list for user who can acces the HTTP web service. Another option is that BizTalk 360 is using default localhost port 80 to resubmit message through HTTP web service. Can I not change that to another port so we can block that port on the server so the only user who can resubmit must have acces to the server.

Greetings, Sergio