none
Defining the configuration properties of a custom endpoint behavior for WCF RRS feed

  • Question

  • I have created a custom endpoint behavior for the WCF webhttp adapter. I have found how to make a field of the behavior GUI required, give it a default value, ... But I don't find how to make a sensitive field masked. Is there to-the-point documentation available what options are available and how to implement them?

    Lieven De Moor BizTalk Integration Specialist

    Monday, August 22, 2016 12:56 PM

Answers

  • Hi Manish,

    Thanks for sharing with us.

    Have just verified, it's working.

    @Lieven, Just make use of this.

            /// <summary>
            /// Gets or sets the password.
            /// </summary>
            /// <value>The password.</value>
            [Category("Security")]
            [System.ComponentModel.PasswordPropertyText(true)]
            [ConfigurationProperty("Password", DefaultValue = "", IsRequired = true)]
            public string Password
            {
                get { return (string)base["Password"]; }
                set { base["Password"] = value; }
            }

    Behaviour View In Send port.

    Thanks, SMSVikasK



    • Edited by SMSVikasK Tuesday, August 23, 2016 6:56 AM Image
    • Proposed as answer by Abhishek.Kumar.Pathak Tuesday, August 23, 2016 8:44 AM
    • Marked as answer by Angie Xu Wednesday, August 31, 2016 3:09 AM
    Tuesday, August 23, 2016 6:43 AM
  • Hi Lieven,

    You can do the masking in the wcf behavior also . We did in one of project where we created one wcf behavior and we need to mask the user credential field . For that we have used [PasswordPropertyText(true)] attribute on the top of field in the wcf behavior which we wanted to mask. for more information about this property can be found :

    https://msdn.microsoft.com/en-us/library/system.componentmodel.passwordpropertytextattribute(v=vs.110).aspx

    Let me know if you face any problem while implementing this.


    Manish

    • Proposed as answer by SMSVikasK Tuesday, August 23, 2016 6:41 AM
    • Marked as answer by Angie Xu Wednesday, August 31, 2016 3:09 AM
    Tuesday, August 23, 2016 5:58 AM

All replies

  • Hi,

    Some alternative I can think of, for this scenario.

    1) Do not to use Configuration Property for the sensitive data. Keep outside like SSO or any other place where you find its secure, access in behavior at runtime.

    2) Use Encryption / Decryption algorithm or mechanism to secure the sensitive data, access sensitive data only in run time.

    Out of the box, there is no feature. 

    WCF Security Best Practices

    https://www.owasp.org/index.php/WCF_Security_Best_Practices

    Thanks, SMSVikasK


    • Edited by SMSVikasK Monday, August 22, 2016 1:30 PM
    • Proposed as answer by Mauricio Feijo Tuesday, August 23, 2016 4:12 AM
    Monday, August 22, 2016 1:28 PM
  • Thank for your answer!

    Integration with ENTSSO was what I already implemented as alternative. Still, I wanted to provide this option for testing on local DEV machines without ENTSSO configured, and so it would have been handy to have masked fields. But as this option will only be used on a local DEV environment, masking the field is not a must.


    Lieven De Moor BizTalk Integration Specialist

    Monday, August 22, 2016 1:42 PM
  • Hello,

    you can set default values when over IEndpointBehavior method. or override default constructor with default values 


    public void ApplyClientBehavior(ServiceEndpoint endpoint, System.ServiceModel.Dispatcher.ClientRuntime clientRuntime)
            {
                clientRuntime.MessageInspectors.Add(new yourClientMessageInspector(
                    new yourCredentialMethod
                    {
                        Id =  Default Value,
                        username= 'Default Value',     Pwd = 'Pwd'
                    }));
            }

    hope this helps.

    https://adventuresinsidethemessagebox.wordpress.com/2015/07/01/sharing-context-between-biztalk-and-wcf-behavior-extensions/


    Ram

    Monday, August 22, 2016 9:20 PM
  • Hi Lieven,

    I think SSO is the best out of the box option given by Biztalk to achieve this..

    Regards,


    Mandar Dharmadhikari

    Tuesday, August 23, 2016 3:45 AM
  • Hi Lieven,

    ENTSSO for PROD and no masking for DEV is what makes more sense here.


    My Technet Articles

    If you like this or another reply, vote it up!
    If you think this or another reply answers the original question, mark it or propose it as an answer.


    Mauricio Feijo
    www.mauriciofeijo.com

    Tuesday, August 23, 2016 4:13 AM
  • Hi Lieven,

    You can do the masking in the wcf behavior also . We did in one of project where we created one wcf behavior and we need to mask the user credential field . For that we have used [PasswordPropertyText(true)] attribute on the top of field in the wcf behavior which we wanted to mask. for more information about this property can be found :

    https://msdn.microsoft.com/en-us/library/system.componentmodel.passwordpropertytextattribute(v=vs.110).aspx

    Let me know if you face any problem while implementing this.


    Manish

    • Proposed as answer by SMSVikasK Tuesday, August 23, 2016 6:41 AM
    • Marked as answer by Angie Xu Wednesday, August 31, 2016 3:09 AM
    Tuesday, August 23, 2016 5:58 AM
  • Hi Manish,

    Thanks for sharing with us.

    Have just verified, it's working.

    @Lieven, Just make use of this.

            /// <summary>
            /// Gets or sets the password.
            /// </summary>
            /// <value>The password.</value>
            [Category("Security")]
            [System.ComponentModel.PasswordPropertyText(true)]
            [ConfigurationProperty("Password", DefaultValue = "", IsRequired = true)]
            public string Password
            {
                get { return (string)base["Password"]; }
                set { base["Password"] = value; }
            }

    Behaviour View In Send port.

    Thanks, SMSVikasK



    • Edited by SMSVikasK Tuesday, August 23, 2016 6:56 AM Image
    • Proposed as answer by Abhishek.Kumar.Pathak Tuesday, August 23, 2016 8:44 AM
    • Marked as answer by Angie Xu Wednesday, August 31, 2016 3:09 AM
    Tuesday, August 23, 2016 6:43 AM