Understanding WCF Fault Contract Handler

Topics: Exception Handling Application Block
Jun 28, 2010 at 2:33 PM

Hi,

This question is regarding using 'WCF Fault Contract' feature of Enterprise Library 4.1.

I am new to Microsoft Enterprise Library 4.1 and am trying my hand at the Exception Handling Application Block.

I would like to understand the need / importance of the 'WCF Fault Handling' feature provided by the Enterprise Library. I have seen a couple of samples on Google, including the following one:

 http://blogs.microsoft.co.il/blogs/bursteg/archive/2007/04/07/Shielding-WCF-Services-with-Exception-Handling-Application-Block-_2D00_-Part-1.aspx

Maybe this is a very basic question, but the samples I have seen are using throw new Fault exception<> in the server-side catch block. Now, this has added more to the confusion. If we have to use the throw new Fault exception provided by .NET itself, then where is the value addition of EHAB-WCF Fault?

Frankly speaking, I'm in need of a sample that can explain its benefit to me. Can you please explain what benefit I will gain if I use Ent-Lib's 'WCF Fault Contract Handling' feature? Can you please provide a sample with which I'll be able to appreciate the need for 'WCF Fault Handling' using Enterprise Library?

Thanks in advance for your help.

Jun 29, 2010 at 4:58 AM

Hi,

Basically, in my own understanding, WCF Exception Shielding is mostly beneficial in scenarios where you wouldn't want to display the exception message encountered in your WCF Operation Contract and would replace it with a more meaningful/high-level exception message that will then be passed to the client-side application. Also, reiterating what has been discussed in the documentation (http://msdn.microsoft.com/en-us/library/ff664738(v=PandP.50).aspx), see the explanation below.

Exception shielding helps prevent a Web service from disclosing information about the internal implementation of the service when an exception occurs. The following forces explain why you should use exception shielding:

  • Exception details may contain clues that an attacker can use to exploit resources used by the system.
  • Information related to anticipated exceptions needs to be returned to the client application.
  • Exceptions that occur within a Web service should be logged to support troubleshooting.

Only exceptions that have been sanitized or are safe by design should be returned to the client application. Exceptions that are safe by design do not contain sensitive information in the exception message and they do not contain a detailed stack trace, either of which might reveal sensitive information about the Web service's inner workings. You should use the Exception Shielding pattern to sanitize unsafe exceptions by replacing them with exceptions that are safe by design.

With regard to "But the samples I have seen are using throw new Fault exception<> at the server side catch block", this is supposed to be on the client side, which is also as stated in the sample you have found.

We have a working sample for this, though it only focuses on the implementation itself and may not provide you with any real-life scenarios you can use. But I bet you'll be able to think of one once you have seen it working. Just send us an email if you want the sample.

Gino Terrado
Global Technology and Solutions
Avanade, Inc.
entlib.support@avanade.com
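
The shielding pattern quoted in the reply above, sketched with WCF's own `IErrorHandler` extension point. This is an added example, not the sample offered in this thread and not Enterprise Library's code; `ServiceFault`, `ShieldingErrorHandler`, `ShieldingBehaviorAttribute` and the fault action URI are hypothetical names.

```csharp
using System;
using System.Collections.ObjectModel;
using System.Diagnostics;
using System.Runtime.Serialization;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Description;
using System.ServiceModel.Dispatcher;

[DataContract] // Safe by design: carries no server message text and no stack trace.
public class ServiceFault
{
    public const string Action = "urn:example:ServiceFault"; // assumed; must match the [FaultContract] Action
    [DataMember] public Guid Id { get; set; }
    [DataMember] public string Message { get; set; }
}

public class ShieldingErrorHandler : IErrorHandler
{
    public void ProvideFault(Exception error, MessageVersion version, ref Message fault)
    {
        // Faults the operation threw on purpose are anticipated and already sanitized.
        if (error is FaultException) return;

        // Anything else is unsafe: replace it with a generic fault plus a correlation id.
        var id = Guid.NewGuid();
        error.Data["HandlingInstanceId"] = id;
        var detail = new ServiceFault { Id = id, Message = "An error occurred while processing the request." };
        var shielded = new FaultException<ServiceFault>(detail, new FaultReason(detail.Message));
        fault = Message.CreateMessage(version, shielded.CreateMessageFault(), ServiceFault.Action);
    }

    public bool HandleError(Exception error)
    {
        // Full exception, stack trace included, stays in the server-side log only.
        Trace.TraceError("HandlingInstanceId={0} {1}", error.Data["HandlingInstanceId"], error);
        return true;
    }
}

// Put [ShieldingBehavior] on the service class to install the handler on every dispatcher.
public class ShieldingBehaviorAttribute : Attribute, IServiceBehavior
{
    public void ApplyDispatchBehavior(ServiceDescription description, ServiceHostBase host)
    {
        foreach (ChannelDispatcher dispatcher in host.ChannelDispatchers)
            dispatcher.ErrorHandlers.Add(new ShieldingErrorHandler());
    }
    public void AddBindingParameters(ServiceDescription d, ServiceHostBase h, Collection<ServiceEndpoint> e, BindingParameterCollection p) { }
    public void Validate(ServiceDescription d, ServiceHostBase h) { }
}
```

The client sees only the generic message and the `Id`; support staff use that `Id` to find the matching entry in the server log.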

 

Jun 29, 2010 at 5:32 AM

Hi,

Thanks a lot for the explanation.

Will you please share the sample implementation of the ‘Ent Lib WCF Fault Handling’? It’ll be very helpful for me to understand it more clearly.

Thanks and regards,

Sudhir Kirloskar

Patni Computer Systems Ltd,
Bldg A - Level 3 - Wing A.
Patni Knowledge Park, Airoli, Navi Mumbai.

Tel: +91 22 39172000 x 2864


Jun 29, 2010 at 7:36 AM

Hi,

Can you send us an email at entlib.support@avanade.com so we know where to send it?

Jun 29, 2010 at 7:54 AM

Sample sent...