Using key file authentication with the BizTalk SFTP adapter

Authentication on an SFTP location can be done with simple username/password credentials… However another way to authenticate the sender is by using a Key Authentication file. But how can this last authentication method be used inside the BizTalk SFTP adapter?

the BizTalk SFTP adapter we used to achieve this is the  freely available SFTP adapter on Codeplex. Just download the adapter and install it. And don’t forget to add the adapter in the BizTalk admin console of course.

Now then let’s set up the port in BizTalk. In my example I ‘ve configured a receive location, but obviously the same goes for the send port configuration.
First of all choose the created adapter in the biztalk admin console, as shown below.

Port configuration

To set up the proper configuration for the SFTP port, just press the ‘Configure’-button.


These parameters need to be set:

  • Schedule: define a timely schedule how often you want to poll the SFTP location (receive location only)
  • File Mask: set the correct file mask
  • SSH Host: the host address of the SFTP location
  • SSH Identyfile: Select the Key authentication file on disk
  • SSH Identyfile Passphrase: the password of the selected key authentication file
  • SSH Remote Path: the path on on the SFTP location
  • SSH User: the user name to authenticate on the SFTP location

Seems pretty straight forward, doesn’t it?
Well there are some things you ‘ll need to take into account to make sure the connection can be made…

Make sure the identyfile type is supported

You’ll need to make sure the identyfile type is supported by the library. The supported versions can be found here. As this is the library which is used by the bizTalk SFTP adapter.

Make sure the identyfile can be recognized

In my case for example, I got an *.ppk file as authentication file. But as it turned out, this wasn’t recognized.
The error message you git is this:

invalid privatekey: D:\tempkey.ppk

Which in the end seemed a bit misleading, as the problem wasn’t the private key for the authentication file. It was just the *.ppk file that wasn’t supported.
To make the key authentication file working, I had to convert the file to an OpenSSH key file. This can be done by using PuttyGen for example, and exporting the authentication file as an OpenSSH key file.

Don’t use both password parameters

Also make sure you only use the intended parameter SSH Identyfile Passphrase, and leave the SSH password blank.
In case both password fields are filled, the SFTP adapter will try to authenticate by the username/password credentials stated. So it won’t offer the specified identyfile to authenticate.

BizTalk file mask difference for windows 7 and windows server 2008 r2

When defining a file mask for a specific extension for a file receive location on BizTalk, there’s a difference in which files will be processed depending on the installed OS.

For example, a file receive location on BizTalk 2010 in Windows 7 with extension *.xls will not only process xls files but also xlsx files. While the exact same file mask defined on a receive location in Windows Server 2008 R2 will only pickup files with extension xls.

This behaviour is caused by the Windows operating system and can be reproduced without BizTalk in a command prompt.

Create 2 files in a folder location: one with extension txt the other with extension txt1. When you type ‘DIR *.txt’ in the command prompt on Windows 7, 2 files will be found. When doing the same on Windows Server 2008 R2, only 1 file will be found.