mtelligent

View Original

Exam 70-554 - Implement filters in a Web service application.

David San Filippo

Section 1

  • Part 3
    • Topic 4
Implement filters in a Web service application.
  • Add a filter.
  • Remove a filter.
  • Shuffle the order of the filters.
  • Enable the Trace filter.
  • Create custom input and output filters.

Summary

In WSE 2.0, there was a filters element/section in the config file that allowed you to define how the pipeline should be constructed, that is how and in what order the assertions should be applied. When using WSE 2.0, there was a filters tab in the tool that defaulted to using a policy file. In WSE 3.0 this has been merged with the policy itself. The ordering of the assertions in the policy file defines how the pipeline will be constructed.

Using WSE 3.0, you can create custom assertions. Each assertion has the ability to inject filters into the pipeline. There are four methods of a custom assertion that need to be overridden to apply a filter at that point in the pipeline:

  • CreateClientOutputFilter – The Senders output pipeline
  • CreateServiceInputFilter – The receivers input pipeline
  • CreateServiceOutputFilter – The receivers output pipeline
  • CreateClientInputFilter – the senders input pipeline

So as you can see you can apply filters to your custom assertion at the different points of the request response lifetime between the client and server. To create a custom filter you just have to inherit from SoapFilter and override the ProcessMessage method. The following is an example from msdn of a custom filter that doesn’t do anything:

class NoOpFilter : SoapFilter
{
  public override SoapFilterResult ProcessMessage(
  SoapEnvelope envelope)
  {
     return SoapFilterResult.Continue;
  }
}

Once you have created your custom assertion, you just need to register its details in the extensions element of the policy file. Here is an example of that from msdn:

<extensions>
<extension name="myCustomerAssertion" type="MyAssertion, MyAssembly"/>
</extensions>

Then the ordering of filters into the pipeline is controlled by the ordering of the policies in your policy file. In the following code sample from msdn, a Trace assertion that contains Trace filters at different points of the pipeline is inserted both before and after one of the turn key security assertions is applied to the message.

<policy name="MyServicePolicy">
<myTrace output="beforeSecurity.xml"/>
<usernameOverX509Security ... />
<myTrace output="afterSecurity.xml"/>
</policy>

Other Resources & Links:

Security features in WSE 3.0
http://msdn.microsoft.com/msdnmag/issues/05/11/SecurityBriefs/default.aspx