Configuring the AssertionDecoders

  • Article

The client sends a request with assertions and the server will either assemble the configuration file based on the assertions or retrieve the configuration file from the cache and send it to the client. A pluggable component named AssertionDecoder receives assertions from a client and returns an ordered set of configuration category claims. The AssertionDecoder plug-in is defined in the assembly Microsoft.Ccf.ConfigurationSystem.Server.ConfigurationService. The Assertion Decoder plug-in implements IAssertionDecoder interfaces that is exposed in the method GetOrderedCategoryList. The method GetOrderedCategoryList takes array of strings as the input and returns an IDictionary object. Assertion Decoder Plugin takes in a set of assertions(both sent along the request and present in WCF security tokens) and returns an ordered dictionary of category/claimvalue pairs. The default decoder takes in assertions in the form of name/value pair(ex:“Department=IT”, “Role=Developer” etc) and returns a Dictionary with category as the key.

The AssertionDecorder plug-in component is hosted, as a part of the ConfigServer service, in IIS. The component works with the Caching component that caches the requests. The main class used by the client components is Microsoft.Ccf.ConfigurationSystem.Client. You should have a custom plugin to return category claim value based on a custom criteria.

To configure the AssertionDecorder plug-in in the configuration file, you must edit the web.config file in the You must ensure that the AssertionDecoderPlugin and the CachePlugin entries in the web.config file, located in <wwwrootDir>\Microsoft.CCF.ConfigurationSystem.Server.ConfigurationService folder, appropriately as shown below:

< Microsoft.Ccf.ConfigurationSystem.ServerSection CertificateIssuer="CN=CONFIG_SERVER_TEST_1" CertificateSerialNumber="f0 08 1e 67 a7 06 2a a4 49 f7 e2 a7 c2 7b 53 a9" ReaderWriterLock="10000">
    <Plugins>
      <add name="AssertionDecoderPlugin" type=" Microsoft.Ccf.Plugins.DefaultDecoder, Microsoft.Ccf.AssertionDecoderPlugin" />
      <add name="CachePlugin" type="Microsoft.Ccf.Plugins.CacheContainer, Microsoft.Ccf.CacheProviderPlugin" />
    </Plugins>
</ Microsoft.Ccf.ConfigurationSystem.ServerSection >

The AssertionDecoderPlugin and CacheProviderPlugin are required for configuration server, and have to be implemented in the bin folder of the Virtual Directory. If you are using the default plug-in provided with the code, you need to pass assertions to the APIs in the form of name value pairs.

For example, if you are calling an API to InitializeConfiguration, then you need to define assertions in the following way:

ConfigurationUpdater updater = ConfigurationUpdater.Instance;
string[] assertions = new string[] { "Organization=CCF", "Status=CSR", "Role=Developer" };
Configuration config = updater.InitializeConfigurationStorage(<applicationName>,<shouldSign>,assertions);