Chapter 5: Service Boundary Protection Patterns

 

Web Service Security: Scenarios, Patterns, and Implementation Guidance for Web Services Enhancements (WSE) 3.0

Microsoft Corporation

patterns & practices Developer Center
Web Service Security: Home
December 2005

Download	Download this guide in PDF format
Community	Web Service Security Community Workspace [Content link no longer available, original URL:http://go.microsoft.com/fwlink/?LinkId=57044]

Chapter 2, Message Protection Patterns, described how to provide protection against data tampering and unauthorized access to message content. However, in many cases you will need to provide additional protection at the service's boundary to:

• Protect Web services against malformed or malicious content.
• Ensure that when a Web service operation fails you do not accidentally reveal confidential information in the SOAP Fault that is returned.
• Prevent an attacker from intercepting a message and replaying it to force a Web service operation to execute multiple times.

This chapter describes how to provide service boundary protection. It includes the following design and implementation patterns:

• Message Replay Protection
• Implementing Message Replay Detection in WSE 3.0
• Message Validator
• Implementing Message Validation in WSE 3.0
• Exception Shielding
• Implementing Exception Shielding