Enterprise Library 3 (Policy Injection Application Block)

It’s Sunday : instead of watching the boring Formula 1 Grand Prix (I was a die hard Senna fan during my Visual C++ career -my passion for racing and for Visual C++ has gone- but mainly because I’ve to teach an architecture course for U2U tomorrow), I’ve decided to spend my afternoon on the new Policy Injection Application Block released with Enterprise Library 3 a few days ago (for the other new Blocks, read my previous post).
My usual way of working is to quickly read the theory, to try a very simple example, and to get back to the documentation.
So here is my simple sample.
  • The Quickstart sample seemed too complex to me and I decided to create a basic stuff from scratch to avoid the "my eyes glaze over symptom".
  • I’ve reused the BankAccount class provided in the Quickstart sample, however:
We throw an ArithmethicException when the withdrawAmount is bigger than the balance.
What we want is to define a policy for the ArithmeticException that will be used automatically by the application,  so it’s a kind of AOP (well it’s the injection of a policy). In this policy we will replace the ArithmeticException with an ApplicationException and we will log the exeption details into the event log.
Our business class (BankAccount) must be either derived from MarshallFromRefObject (option choosen here, but I don’t like it) , or must implement an interface (my favorite option, but this afternoon I’m too lazy  to adapt the code, it’s Sunday after all.
  • I’ve created a console application, I’ve added the BankAccount class into the project as well as an app.config file. A great feature of Entlib3 is the integrated config file editor:


  •  I’ve used this new editor for adding the Policy Injection Application Block configuration:
  • It’s now time to define my policy:

  •  Let’s rename the policy "Authorize and Audit" :

  • Let’s define the criteria for being enlisted into this policy : what I want is that any class from the PolicyInjectionQuickStart.BusinessLogic namespace be part of this policy:

  •   As part of the policy we want to handle the Exceptions :

  • Let’s keep the default name :

  • We have to define an Exception Policy : for doing this, we have to add the Exception Handling Application Block into the app.config file :

  • Add a new Exception Policy:


  • Rename it "Bank Account Exception Policy":

  • Add a new Exception Type :


  • Select ArithmeticException :

  • Since we are going to replace our ArithmeticException with an ApplicationException, in the PostHandlingAction property, select  "ThrowNewException":


  • Let’s add a Replace Exeption Handler :

  • And map it to ApplicationException and set the ExceptionMessage property to "Insufficient funds available" :

  • Since we also want the ArithmeticException to be logged into the EventLog, add a  LoggingHandler  :


  • Set the "FormatterType" property of the logging handler to "TextExceptionFormatter"


  • Set the Category property to "General" which is the default Category Source defined in the logging Application Block config section :

  • Select our Exception Handling Handler :


  • Make the link with the Exception policy we’ve just defined :



  • Create you application : notice the PolicyInjection class that generates a proxy (which handles the injection & AOP stuff).

  • Verify that you have referenced the following assemblies :

  • Run the application : your ArithmeticException (and any other ArithmeticException) has been transformed into an ApplicationException.

  •  We also have an entry in the event log (it’s part of the BankAccount Exception Policy):


  • It’s time to add some security features : for instance I only want the user "Serge" to be authorized to uset the BankAccount class.
  • Let’s add the Secutity Application Block to our app.config file :



  • Add an Authorization provider (notice that there is an Azman provider, but we’ll use the "Authorization Rule Provider") :

  •  Add  new rule:

  • Rename the rule "BankAccount" :

  • In the BankAccount property page, set the expression as "I-Serge" (I means "Identity", if we want to specify the role, it’s ‘R’ instead):

  • We now have to make a link between the Policy Injection and the Rule (add an Authorization handler) :

  • Let’s configure the Authorization Handler in its property page : select "Rule Provider" as the Authorization provider and {type} for the Operation Name (the Authorization will work for the whole class here).


  • Run the application : normally we have a security exception (the user is not Serge).
  • Modify the main application :




Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s