Enterprise Library, https and impersonation

Jun 13, 2008 at 1:33 PM
Edited Jun 13, 2008 at 6:15 PM
We would like to make use of EntLib 4.0 in our mediation layer. We're hosting entity services in different environments and would like to route all calls through the MSE. Now we would like to move some logic from runtime service layer to mediation layer, such as validation and exception shielding. Is that possible?

Also, according to patterns & practices WCF on LAN should be sent using transport security. In all our IIS hosted services we're using server certificates and SSL, but is it possible to virtualize those services in the MSE?

Last thing: we are using Windows auth and impersonation to delegate the desktop credentials from service layer down to data layer. Is MSE capable to handle that scenario and could MSE extended policy behavior run under delegated privileges?

Btw: We want to make use of system.diagnostic on the MSE hosted services, is that possible?
Jun 21, 2008 at 12:15 AM
In doing a quick review of the new EntLib release I suspect exception shielding would work without issue, just add the ExceptionShieldingBehavior via a Policy. However, I doubt the Validation AppBlock would work out of the box. The behavior relies on the service contract having custom attributes applied to it and being able to use reflection on the service instance that implements the contract to get at MethodInfo objects (which have information needed by the validator). The MSE exposes custom service contracts as well as its own service instance object at the virtual endpoint that wouldn't have the information the validation logic is looking for. You may still be able to leverage some of the concepts in the Validation application block by adding your own Message Inspectors and/or Parameter Inspectors via policy to the virtual service endpoints.

As for the MSE invoking IIS hosted services over transport security and doing delegation, both are possible.  You can add a Policy on the channel that is used to invoke the service.  In this policy, you can add an IChannelInitializer that makes the appropriate Impersonate/Undo calls on the WindowsIdentity in the current ServiceSecurityContext when the channel is opened/closed.
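
The channel initializer described in the reply above, sketched against the standard .NET Framework WCF interfaces; this is an added example, not code from the thread or from the MSE. The class names `ImpersonatingChannelInitializer` and `ImpersonationEndpointBehavior` are hypothetical, how the behavior is attached through an MSE Policy is not shown, and the code assumes the outbound channel is opened and closed on the thread that is handling the incoming call.

```csharp
using System;
using System.Security;
using System.Security.Principal;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Description;
using System.ServiceModel.Dispatcher;

// Hypothetical class: impersonates the incoming caller for the lifetime of the outbound channel.
public sealed class ImpersonatingChannelInitializer : IChannelInitializer
{
    public void Initialize(IClientChannel channel)
    {
        WindowsImpersonationContext ctx = null;

        channel.Opening += (sender, e) =>
        {
            ServiceSecurityContext sec = ServiceSecurityContext.Current;
            WindowsIdentity caller = sec == null ? null : sec.WindowsIdentity;

            // Fail closed: without a usable caller token the call would otherwise
            // go out under the host process account, which is usually more privileged.
            if (caller == null || caller.IsAnonymous ||
                caller.ImpersonationLevel < TokenImpersonationLevel.Impersonation)
            {
                throw new SecurityException("Caller token does not permit impersonation.");
            }
            // A hop to another machine additionally needs a Delegation-level token.
            ctx = caller.Impersonate();
        };

        // Revert on both normal close and fault so the thread never keeps the caller's token.
        // Undo() reverts the calling thread, hence the same-thread assumption above.
        EventHandler revert = (sender, e) =>
        {
            if (ctx != null) { ctx.Undo(); ctx = null; }
        };
        channel.Closed += revert;
        channel.Faulted += revert;
    }
}

// Hypothetical class: standard WCF endpoint behavior that registers the initializer.
public sealed class ImpersonationEndpointBehavior : IEndpointBehavior
{
    public void ApplyClientBehavior(ServiceEndpoint endpoint, ClientRuntime clientRuntime)
    {
        clientRuntime.ChannelInitializers.Add(new ImpersonatingChannelInitializer());
    }
    public void AddBindingParameters(ServiceEndpoint endpoint, BindingParameterCollection p) { }
    public void ApplyDispatchBehavior(ServiceEndpoint endpoint, EndpointDispatcher d) { }
    public void Validate(ServiceEndpoint endpoint) { }
}
```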