Chapter 5: Service Boundary Protection Patterns
Retired Content |
---|
This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This page may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist. |
Chapter 5: Service Boundary Protection Patterns
Web Service Security: Scenarios, Patterns, and Implementation Guidance for Web Services Enhancements (WSE) 3.0
Microsoft Corporation
patterns & practices Developer Center
Web Service Security: Home
December 2005
Download | Download this guide in PDF format |
Community | Web Service Security Community Workspace [Content link no longer available, original URL:https://go.microsoft.com/fwlink/?LinkId=57044] |
Chapter 2, Message Protection Patterns, described how to provide protection against data tampering and unauthorized access to message content. However, in many cases you will need to provide additional protection at the service's boundary to:
- Protect Web services against malformed or malicious content.
- Ensure that when a Web service operation fails you do not accidentally reveal confidential information in the SOAP Fault that is returned.
- Prevent an attacker from intercepting a message and replaying it to force a Web service operation to execute multiple times.
This chapter describes how to provide service boundary protection. It includes the following design and implementation patterns:
- Message Replay Protection
- Implementing Message Replay Detection in WSE 3.0
- Message Validator
- Implementing Message Validation in WSE 3.0
- Exception Shielding
- Implementing Exception Shielding
Retired Content |
---|
This content is outdated and is no longer being maintained. It is provided as a courtesy for individuals who are still using these technologies. This page may contain URLs that were valid when originally published, but now link to sites or pages that no longer exist. |