Announcing the Policy Injection Application Block

Just when you thought you knew everything there was to know about Enterprise Library 3.0, we have one last surprise in store: a new application block! The Policy Injection Application Block got off to a late start, but we're making good progress now and we'll ship the first public drop in the February 2007 CTP. The final release of Enterprise Library 3.0 (scheduled for late March) will of course contain the final release.

But first things first: what the hell is this thing? The short(ish) answer is that the Policy Injection Application Block will simplify the separation of business logic from cross cutting concerns, by letting you define policies and the objects/methods they apply to in a declarative way. Each policy contains a pipeline of "handlers" that are executed before and after a policy-enabled method is called. The handlers can do whatever you want, but the most common scenario will be to implement cross-cutting concerns such as logging, validation, exception handling and authorization. By amazing coincidence, Enterprise Library already includes blocks that implement these kinds of capabilities, so our out-of-the-box handlers will be simple wrappers over existing application blocks.

For a detailed description of the design and the rationale behind it, check out Ed Jezierski's post - but to get you started, here are a few more details on how this will work. The Policy Injection Application Block will provide a special Factory class that you can use to create instances of objects that may potentially have policies defined on them. I say potentially as one of the big benefits of this block is that you can define and change the policies through configuration, so you won't actually know at compile time which objects will have policies defined. The factory will inspect the configuration and determine if a policy exists. If no such policy exists, the factory will create an instance of the requested object and return it. If a policy does exist, the factory will create a proxy (technically a transparent proxy / real proxy pair) for the object, and wire this up to the chain of handlers and ultimately the real object. To the client, the proxy looks and smells exactly like the real object, but it will have the policies injected between the proxy and the real object.

The configuration for the block will look something like this:

  • Policy Injection Application Block

    • MyPolicy1

      • Matching Rules

        • MyMatchingRule1
        • MyMatchingRule2
        • ...

      • Handlers

        • MyHandler1
        • MyHandler2
        • ...

    • MyPolicy2

      • ...

    • ...

As you can see, each policy consists of a collection of matching rules and a collection of handlers. A matching rule is basically a predicate that defines which types and members the policy should apply to. If you specify more than one matching rule, all must apply for a policy to take effect. Out of the box we will ship matching rules that check for a specific assembly, namespace, type, method signature, or specific attributes on type or member definitions. Of course you'll also be able to write your own matching rules, should you want a policy to apply only when the moon is full or something similarly obscure. In the event that a particular class/method matches more than one policy, all of the matching policies will be executed in the order that they are defined.

Handlers are the classes that do the interesting work before and/or after a method is called. A handler is able to inspect the payload of the method call or return value, act on it, and even change it. In normal situations each handler will do its preprocessing work, invoke the next handler, wait for the call to return, do postprocessing work, and return control to the previous handler. However in certain situations a handler may decide not to call the next handler at all. One good example is an Authorization Handler. Its job is to check whether the current user is authorized to call the method. If the check shows the user is good to go, the handler will invoke the next handler in the chain. However if the user is not authorized, the handler will create an exception, package it up and send it back to the previous handler in the chain as shown below:

From the client's perspective, the result will appear identical to what would happen if the target object threw the exception itself, although in this case the exception was generated without ever calling the real object.

As I mentioned before, the handlers we will supply out of the box will be thin wrappers around existing application blocks, although again you can easily create your own. While the number of handlers and the details on how they will work are not entirely set in concrete, here is what we are hoping to include:

  • Validation Handler. This will look for validation rules applied on the method parameters or within types in the message signature, and call the Validation Application Block to check the supplied parameters against the validation rules. If validation succeeds the method will be called. If not, the handler chain will be aborted and an exception will be returned to the client.
  • Logging Handler. This will call the Logging Application Block to write a log message either before the method is called, after the method is called, or both. Optionally the handler will be able to log details such as supplied parameter values and call execution time.
  • Exception Handling Handler. This handler will do nothing before the method is called, and do nothing after the method is called unless an exception was thrown. If an exception was thrown, the handler will pass it to the Exception Handling Application Block using a specified exception policy, and any resulting exceptions will be returned to the client. In effect this will eliminate the need for boilerplate exception blocks when using the Exception Handling Application Block.
  • Performance Counter Handler. This will create a number of performance counter instances measuring things like number of calls, calls per second, average call execution time and number and rate of exceptions thrown by the target method.
  • Authorization Handler. This handler will use a specified authorization provider configured with the Security Application Block to check if the current user (obtained from the thread principal) is authorized to perform the current task (specified in the handler configuration). If so, the target object is called. If not, an exception will be returned to the client.
  • Caching Handler. This handler will generate a cache key based on the target method signature and values, and use the Caching Application Block to see if the method has already been called with these values within the configured cache threshold. If a value was found in the cache, it will be returned to the client and the handler chain will be aborted (i.e. the object will not actually be called). If a value was not found in the cache, the method will be called, and the return value will be added to the cache on the return path.

We're very excited by the potential for this block to help simplify your code and provide increased flexibility to change cross-cutting concerns at different stages of the application lifecycle. Keep in mind that the first drop of the Policy Injection Application Block (in the February 2007 CTP) will still be incomplete, but we'd love to hear your feedback to help us make the final release as valuable as possible.

By the way, if you're not the kind of person who likes surprises, apologies for springing this on you so late. It wasn't our intention to be secretive, however until very recently we were still not sure if we were going to be able to include this functionality in this release of Enterprise Library, so we didn't want to set expectations too early. Hopefully it was worth the wait, and that you can file it under "good surprises" 🙂

Thanks to Alex Homer for the great graphics, which were taken from the draft documentation.

Comments (66)
  1. Kris says:

    Very cool indeed. Is this all config file driven or are there any attributes to support this functionality a la AOP (Aspect Oriented Prog)

  2. Kris: so far it is all configuration driven, although one of the matching rules will check for the existence of a particular attribute, so you can do something like this:


    public void DoStuff()

    … where there is a policy defined in configuration that will look for this particular tag.

    For the final release we’re hoping to add the ability to explicitly attach handlers to types and methods via attributes, without the need for any configuration.


  3. Kevin says:

    Hi Tom,

    I am wondering if (or how) the ObjectBuilder is used in this Policy Injection Application Block?


  4. Do you wonder how to apply authorization, validation, logging and other requierements to you business

  5. Kevin – the PIAB uses Object Builder in much the same way as the other blocks, for example by configuring the core components by injecting the configuration data.


  6. vikasgoyal77 says:

    Hi Tom,

    This block is going to be very useful. Thanks for your efforts. Any study on performance impact on execution. I have also started a kind of application block called Web Analytics. Its hosted on CodePlex. Pls let me know your feedback.

    Vikas Goyal

  7. Many software projects experience disappointing productivity. Often productivity problems are inherent

  8. Matt Dunn says:

    Hi Tom,

    Great to see this implemented!

    As far as the factory for instance creation is concerned, does this place any restrictions on how instances can be instantiated e.g. only via a default constructor, thus no parameterised constructors?



  9. Matt – take a look at Ed’s post for some more details on how the interception mechanism works and how you can replace it with a different mechanism. But with our default remoting proxy mechansim, the main restrictions are that you must create the object with our proxy rather than "new", and the object must either derive from MarshalByRefObject or have an explicit interface for marshalling. I don’t believe there are any restrictions on the use of parameters in the constructor.


  10. Why not just go all the way and build an AOP framework which are target towards cross-cutting concerns? It’s really what it is, or part of AOP anyway but with a Microsoft name tagged on it (Policy instead of Aspects).

    Also, have you tried this with WCF? WCF doesn’t really like proxys.

  11. Another point, this time on the implementation. Why taking the MarshalByRef (or really contextboundobject) path? This is really much slower then dynamic runtime subclassing.

  12. Patrick Yong says:

    I can’t wait to see how PIAB work and I intend to test out on my project which already using WCSF and WSSF. Currently I am using NAspect and I see usage of attribute for matching rule offers a different kind of flexibility for me.

    I also wonder how the debugging facility will work in PIAB, ie will the debugger goes into the handler class so I can trace what is going on.

  13. Kevin says:

    How about including a Transaction handler out of the box?  Wrap the call inside a system.transaction

  14. Tom and Ed have complimentary articles on the Policy Injection Application Block: Tom’s Announcing the

  15. Announcing the Policy Injection Application Block

  16. OK, I know the sun has already set on February in some parts of the world, but over here it’s still well

  17. RSS It All says:

    OK, I know the sun has already set on February in some parts of the world, but over here it's still

  18. Dennis' Blog says:

    What a week! Both the new Visual Studio "Orcas" and Enterprise Library 3.0 CTPs are released. Enterprise

  19. Microsoft Patterns and Practices released the Enterprise Library 3.0 February 2007 CTP last night. A

  20. Eisenberg says:

    I have to agree with Patrik, context interception is butt slow.  I believe benchmarks put it at 50x slower than standard compile time invocation.  That’s almost twice as slow as using reflection to call every property and method!  On top of that, as far as I know, you cannot use generics with context bound objects!  Perhaps you guys better rethink this one.  You might want to go look at some of the existing AOP frameworks.  (ie. Castle’s Aspect#)

  21. Eisenberg says:

    Apologies. I realized that you guys aren’t actually using context interception, but rather Real/Transparent proxy.  However, the performance drawback is virtually identical.

  22. Patrik Löwendahl har gjort mig uppmärksam på att Patterns och Practices gruppen hos Microsoft har annonserat

  23. Цікавий сьогодні день, на новинки… 1) Enterprise Library 3.0 February 2007 CTP . Останній CTP до релізу.

  24. Sam Gentile says:

    Harry wonders if it has been a slow week. It started that way for me but its certainly not now with both

  25. As announced on Tom Hollander’s blog, the Microsoft Enterprise Library 3.0 will include a new application

  26. Since Both Tom and Ed wrote an article explaining whatever the Policy Injection Application Block [PIAB]

  27. Kijött a februári CTPje az Enterprise Library 3.0-nak , ami RCnek is tekinthető. Miért is jó ez nekünk?

  28. TSHAK says:

    The next version of Enterprise Library will be getting an AOPish block called the Policy Injection Application…

  29. I wanted to quickly fill you in on a couple of new additions we’ve made to the Policy Injection Application

  30. Navs says:

    This is really a great effort. It will simplify the development by making code clean and configurable. I am concerned about the performance of the PIAB.


  31. Julius Ganns says:

    By looking at the .NET Framework in earlier versions there has been a notable gap in enterprise functionality

  32. Julius Ganns says:

    By looking at the .NET Framework in earlier versions there has been a notable gap in enterprise functionality

  33. Thomas BT says:

    Do we have a possibility to change configurations (Logging configurations for Example) at runtime without restarting the application. Kindly provide links if explanation already available.

  34. 阿伦.NET says:



  35. boj says:

    Azért ez nem teljes RC, pont a PIAB döcögős még benne.

    Különben is jobb többször mint egyszer sem:)

  36. Yes, it’s finally here. The patterns & practices team is pleased to announce the official release

  37. Girish says:

    How is this different then EDRA?

  38. Girish – EDRA used a similar pattern at the service interface level, however the deliverables are very different. EDRA included a framework and reference implementation that provided guidance on the logical and physical deployment of services. PIAB is an application block that lets you externalize cross-cutting concerns from your business code, and doesn’t target service interfaces since WCF Behaviors already provide similar capabilities for that scenario.


  39. neuhawk says:

    Enterprise Library 3.0 – April 2007 发布

  40. Bashmohandes says:

    Enterprise Library 3.0 Released

  41. The patterns & practices team has announced the official release of Enterprise Library 3.0 – April

  42. Loser-X says:

    Most excellent. I have looked at Enterprise Library in the past, but never quite found a suitable project

  43. Overview The patterns & practices Enterprise Library is a library of application blocks designed

  44. I hope you’re enjoying the new release of Enterprise Library ! One of the more interesting inclusions

  45. Despues de mucho esperaracion oficial del Enterprise Library 3.0 – April 2007 para.NET Framework 2.0 / 3.0. Punntos sobresalientes Si estuvieron tan atentos como yo los CTPs no habra muchas sorpres …

  46. El Bruno says:

    Buenas hace un par de días se liberó Enterprise Library 3.0 ; y ya empezamos a tener pequeños aplicativos

  47. El Bruno says:

    Buenas hace un par de días se liberó Enterprise Library 3.0 ; y ya empezamos a tener pequeños aplicativos

  48. El Bruno says:

    Buenas hace un par de días se liberó Enterprise Library 3.0 ; y ya empezamos a tener pequeños aplicativos

  49. EntLib 3.0 just dropped . Go get the bits here . For more details, see Tom Hollander’s most excellent

  50. ... says:

    Luogo molto buon:) Buona fortuna!

  51. Rags says:

    Can we use PIAB in WCF services? What I mean is I want to intercept my service call and do some preprocessing before the real service api gets invoked. For ex. one of the api in my service is AddCustomer(Customer obj). What I want is before this api gets called I want  Customer object to go through some validation, default value filler and what not. In my whole Microsoft career I worked for short duration on Java EJB 3.0 recently. I used Interceptor to do such kind of stuff on EJB Bean api’s. So can we use PIAB on WCF services to do similar task?

  52. Hi Rags –

    While it would be possible to use the PIAB to apply policies against your service implementation class, the preferred way of applying cross-cutting concerns at WCF service boundaries is through Behaviors. In EntLib 3.0 we ship behaviors for a couple of the blocks (exception handling and validation) that are also PIAB enabled.


  53. Erics Blog says:

    While I was gone (three weeks in the US on vacation) pattern and practices have released Enterprise Library

  54. petersm says:

    Kijött a februári CTPje az Enterprise Library 3.0-nak , ami RCnek is tekinthető. Miért is jó ez nekünk

  55. Continuing my journey in Enterprise Library 3.0 mysterious ways, I decided to check out the Policy Injection

  56. Když byla před měsícem zveřejněna Enterprise Library 3.0, stěží jsem tomu věnoval pozornost. Hmmm, co

  57. accredited high school diplomas

  58. generic zoloft no prescription overnight shipping

  59. Have you used Aspect Oriented Programming (AOP) or Policy Injection? They’re pretty much the same thing.

  60. It’s been a long time that I’ve been thinking of writing this blog post but was strugling to find some

Comments are closed.

Skip to main content