I followed this tutorial (at least based my WCF in this, coz I need then to work alike):
http://www.eggheadcafe.com/tutorials/wcf/b5ada8df-58c5-492f-b368-457b3a4f137c/notify-client-applications-using-wcf-callbacks.aspx
It's working very well on my computer, but i need to use it over the internet. While trying to do this I heard (over the internet) that is better to use netTcpBiding.
I gonna have a server that is going to be aware of the number of clients online. I wanted a WFC service on my IIS in the server, and a windows service consuming it and notifying it. I need the callback coz the server sometime have to be able to execute some commands on the client.
I would be very pleased if anyone could help me.
Thanks in advance,
Edit:
Making myself clear: I just could not make it work over the internet. Can you guys show me how can i change my configurations (Web.config e App.config) to use netTcpBinding and work over the internet?
Thanks again,
Edit 2:
My Web.config in my WCFServiceApplication is:
<?xml version="1.0"?>
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.0" />
</system.web>
<system.serviceModel>
<bindings>
<wsDualHttpBinding>
<binding name="WSDualHttpBinding_IPCWatcherWCFService" closeTimeout="00:01:00"
openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard"
maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<reliableSession ordered="true" inactivityTimeout="00:10:00" />
<security mode="Message">
<message clientCredentialType="Windows" negotiateServiceCredential="true" algorithmSuite="Default" />
</security>
</binding>
</wsDualHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="TiT.PCWatcher.Server.WCFService.Services.PCWatcherWCFServiceBehavior" name="TiT.PCWatcher.Server.WCFService.Services.PCWatcherWCFService">
<endpoint address="" binding="wsDualHttpBinding" bindingConfiguration="WSDualHttpBinding_IPCWatcherWCFService" contract="TiT.PCWatcher.Server.WCFService.Interfaces.IPCWatcherWCFService">
<identity>
<dns value="localhost" />
</identity>
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="TiT.PCWatcher.Server.WCFService.Services.PCWatcherWCFServiceBehavior">
<serviceMetadata httpGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
</configuration>
My App.config in my WindowsService is:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.serviceModel>
<bindings>
<wsDualHttpBinding>
<binding name="WSDualHttpBinding_IPCWatcherWCFService" closeTimeout="00:01:00"
openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard"
maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text"
textEncoding="utf-8" useDefaultWebProxy="true">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<reliableSession ordered="true" inactivityTimeout="00:10:00" />
<security mode="Message">
<message clientCredentialType="Windows" negotiateServiceCredential="true"
algorithmSuite="Default" />
</security>
</binding>
</wsDualHttpBinding>
</bindings>
<client>
<endpoint address="http://localhost:25145/Services/PCWatcherWCFService.svc"
binding="wsDualHttpBinding" bindingConfiguration="WSDualHttpBinding_IPCWatcherWCFService"
contract="PCWatcherWCFServiceReference.IPCWatcherWCFService"
name="WSDualHttpBinding_IPCWatcherWCFService">
<identity>
<dns value="localhost" />
</identity>
</endpoint>
</client>
</system.serviceModel>
</configuration>
Just changing it to netTcpBinding does not work...
But i would be glad enough to jut be able to run this over the internet... I published the WCFService on IIS. Links:
https://www2.tcenter.com.br/monitor/PCWatcherWCFService.svc
OR
http://www2.tcenter.com.br:8080/monitor/PCWatcherWCFService.svc
Just changing the configs its enought to make it work through the internet? like i said, local it works just fine.
I thought that just changing the endpoint address on the client to one of the URL's above it whould work, but it did not...
The example that you linked hosts the service on the WPF. I don't know if it applys to my cenario...
i Think i'm gonna stick with the DualHttpBinding, you don't think that port forwarding it's good for my needs, i'm can have a lot of clients in one intranet and having the router decide wich one he is going to send info for it's no good right? or there's a way to make the router respond corretly to each and every machine conecting to my webserver through the same port?! (just asking, hehehe)
Thanks a lot in advance,
Edit on 21/06/2012:
Thanks for the reading.
I was not able to get the service to work with netTcpBinding in LAN.
I did a mock sample of my cenario. It's here. Called DualCommunicationTest.
When I started this post, i just wanted to know how to make this cenarion runing on internet. Just that.
During my time searching for a solution before posting here, i readed that netTcpBinding is better. So i asked about it. It was just a side question.
So... my current needs on the post are:
How to use the sample i developed on the internet.
OR
How to make the sample i developed work with netTcpBinding AND then be able to use it on the internet. (I'm pretty sure Clunky Coder taught me the second part, on how to publish a net.tcp on the internet with the IIS and stuff, thanks a lot for that, but i was not able to test it yet, because i couldn't do a netTcp yet.)
I'm sorry if i'm not been clear enough, my English is not so good. sry and thanks again, a lot.
netTcpBinding is better for duplex communication (communication with callbacks) and it's more performant than WSDualHttpBinding which is the preferred binding for duplex communication over HTTP. But you shouldn't really use netTcpBinding over the internet although you technically can and it might work, but the ports that netTcpBinding uses may be (and usually are) blocked by firewalls on the internet. When you send something across the internet, it makes lots of hops and goes through lots of routers and firewalls, and there is no guarantee that those routers and firewalls will have all ports open. But if you can open the ports (for netTcp it's TCP 808) on both the client and server endpoints (usually done by port forwarding on the router) it may work, but the general advice is not to use netTcpBinding over the internet. Having said that I have used it a couple of times for my services, and my clients have been able to consume the service over the internet without any problems-after I forwarded the ports on both the client and server ends.
In general for duplex communication over the internet you have the WSDualHttpBinding and if you have a Silverlight client (Silverlight doesn't support WSDualHttpBinding) you can use PollingDuplexHttpBinding.
I also recommend you read this.
EDIT:
To change that example to use netTcpBinding, just change the bindings in the config file to use netTcpBinding instead of wsDualHttpBinding. Have a look at this article, it does what the link you posted does, with netTcpBinding and more explanation.
EDIT 20/06/2012:
Making myself clear: I just could not make it work over the internet.
Can you guys show me how can i change my configurations (Web.config e
App.config) to use netTcpBinding and work over the internet?
Seems that you were able to get the service to work with netTcpBinding in LAN, so your earlier problem is now fixed and you're now having trouble hosting the service in IIS and publishing it online. When your service works in a LAN, it will work over the internet once you host it in IIS and forward the appropriate ports on the clients and servers routers, this is a common scenario and is documented well online. To do this You must host your service as an application in your IIS website. You need to make sure your service has a .svc file that points to the location of the service, then copy the contents of
the App.Config (Service config file) to a new web.config (in the same physical directory as your App.config) and also remove the <host><baseAddresses> section in the newly created web.config, point the physical path of the application to the location of this service on your service host computer. Once that's taken care of, just be sure to edit the default website bindings to enable the specific bindings your service uses, for netTcpBinding go to: Website -> 'Edit Bindings...' -> 'Add...' then choose net.tcp and assign it the ports.
Then on your application go to 'Advanced Settings' and enable net.tcp, netTcpBinding service will typically have http,net.tcp as it's enabled protocols. If you run into teething errors make sure the default app pool (or which ever application pool your website is using) has the required permissions to access and read the physical directory on the server in which the service resides.
Please read this and this, asking me to elaborate would just be repeating what they're saying.
EDIT 21/06/2012:
I just downloaded your service and hosted it in IIS and it's hosted fine, since its using HTTP and not nettcp then that means it works perfectly fine on the internet. If your service is something simple and you don't expect to do heavy processing with it (by the looks of it you're just trying to get the list of clients connected to it) then stick with wsDualHTTPBinding since the HTTP protocol will work in any environment and you don't have to worry about firewalls as you would with netTcpBinding. This is all I did to host the service in IIS (and make it available over the internet):
Go to DefaultWebsite in IIS, right click, add application, under Alias just give your service any name you wish to be able to see in the URL. Select Default App Pool or ASP.NET 4.0 app pool.
Point the physical path to where your .svc file is on your computer; for me its:
C:\Users\MyPC\Documents\DualCommunicationTest.Server\WcfServiceApp
Under enabled protocols ensure that you have HTTP on port 80 or any other port, for example 8085, but you will need to forward this port on your router to the Service host computer. If your Service host is on IP 192.168.1.4 in your LAN, then on your router forward port 80 (or whatever port you use-say 8085) to computer 192.168.1.4.
And it's that easy.
TCP binding is better for callbacks over the internet because TCP is dual direction by nature.
HTTP is a request, it is one way only. Hence the dual in dualHttpBinding. WCF has to create a second HTTP connection back to the client so the service can send requests to the client.
The Internet is not really set up for servers to call back via HTTP. Things like NAT being performed by routers means that ports must be forwarded in order to route the HTTP request properly, and the client would have to be running an HTTP server.
So, it is much easier to use TCP. Either that or possibly have the client request a reply object that is streamed from the server end (a never ending reply in effect), that the server can fire notifications down. This isn't simple though.
Related
I am trying to configure my wcf service to use a wsDualHttpBinding over https.
My current config looks like this:
Service
<service behaviorConfiguration="SecureBackendWebServiceBehavior"
name="WebService.InternalService.BackendWebService">
<endpoint address=""
binding="wsDualHttpBinding"
bindingConfiguration="SecureBackendWebServiceWsDualHttpBinding"
name="BackendWebServiceEndpoint"
contract="WebService.InternalService.IBackendWebService"/>
</service>
Binding
<binding name="SecureBackendWebServiceWsDualHttpBinding"
receiveTimeout="00:05:00"
bypassProxyOnLocal="false"
transactionFlow="true"
maxBufferPoolSize="2147483647"
maxReceivedMessageSize="2147483647"
messageEncoding="Mtom">
<readerQuotas maxDepth="2147483647"
maxStringContentLength="2147483647"
maxArrayLength="2147483647"
maxBytesPerRead="2147483647"
maxNameTableCharCount="2147483647" />
<security mode="Message">
<message clientCredentialType="Certificate" />
</security>
</binding>
Behavior
<behavior name="SecureBackendWebServiceBehavior">
<serviceMetadata httpsGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
When i call the service in my browser it says:
No baseaddress for schema "http" found with the the endpoint binding WSDualHttpBinding. Registered baseaddressschema is [https].
By googeling the problem I only end up with samples for normal wsHttpBindings but nothing for the dual binding. I already enterd a HttpsGetUrl but ended up with the same error.
Have I overseen some value, or why is he trying to get the information over http?
Btw. changing the binding to NetTcp is not an option!
Hope any of you can help me here.
thx
wsDualHttpBinding doesn't support transport security.
MSDN:
The WSDualHttpBinding provides the same support for Web Service protocols as the WSHttpBinding, but for use with duplex contracts. WSDualHttpBinding only supports SOAP security and requires reliable messaging.
So you can rely on message security here only.
Found a solution on my own. I used the patterns & practices Improving Web Services Security: Scenarios and Implementation Guidance for WCF to get a better understanding of security in WCF. This book also includes HowTos for certain scenarios. Only thing I had to do additional.
Because my Web Service is separated in three smaller services, one of them is using the WsDualHttpBinding I needed to tell iis that this one doesn't requires the ssl certificate for transport.
For now on my service talks, but I need to check if it really uses the security I want to have.
UPDATE:
Found this article that also contains a step by step tutorial.
I have deployment of WCF service on IIS 7 with support for Non-HTTP enabled
Under one project, I have exposed 8 different services with wsHttp endpoints which works fine.
I want to also expose NetNamedPipe bindings for the same services.
My sample NetNamedPipe bindings . . .
<netNamedPipeBinding>
<binding name="PassportIPCBasicEndpoint"
closeTimeout="00:05:00" openTimeout="00:05:00" receiveTimeout="00:10:00"
sendTimeout="00:05:00"
maxBufferSize="2147483647" maxBufferPoolSize="2147483647"
maxReceivedMessageSize="2147483647" transferMode="Buffered"
hostNameComparisonMode="Exact" >
<readerQuotas
maxDepth="2147483647" maxStringContentLength="2147483647"
maxArrayLength="2147483647" maxBytesPerRead="2147483647"
maxNameTableCharCount="2147483647"/>
<security mode="Transport">
<transport protectionLevel="None" />
</security>
</binding>
</netNamedPipeBinding>
And my Service tags
<service behaviorConfiguration="default" name="MyAccountService.AccountService">
<host>
<baseAddresses>
<add baseAddress="http://localhost/MyAccountService/v1.0/AccountService.svc" />
</baseAddresses>
</host>
<endpoint name="PassportIPCBasicEndpoint"
address="net.pipe://localhost/MyAccountService/v1.0/AccountService.svc"
binding="netNamedPipeBinding"
bindingConfiguration="PassportIPCBasicEndpoint"
contract="MyAccountService.IAccountService"/>
</service>
This gives me following exception :
The protocol 'net.pipe' is not supported.
[InvalidOperationException: The protocol 'net.pipe' is not supported.]
System.ServiceModel.Activation.HostedTransportConfigurationManager.InternalGetConfiguration(String
scheme)
[InvalidOperationException: The ChannelDispatcher at
'net.pipe://localhost/MyAccountService/v1.0/AccountService.svc' with
contract(s) '"IAccountService"' is unable to open its
IChannelListener.]
I have added entry for http,net.pipe in advanced site settings in IIS.
Non-HTTP support for WCF service is also installed and enabled through control panel settings.
out of 8 .svc services only one such service is able to get hold of port and I can browse it's .SVC endpoint
all other services when configured for netnamedPipe binding give me above errors.
Can some body guide me, what needs to be done to make them all get hold on port and be accessible.
This problem was with enabling the protocols at the correct place.
Previously i had enabled net.pipe protocol at site level.
After enabling net.pipe protocol at each virtual path of the hosted services.
It worked.
The netNamedPipe binding is only for on-the-same-machine communication - you cannot call such an endpoint from a remote machine.
Is that what you're trying to do??
netNamedPipe binding is great for intra-application communication on the same machine - but not for anything else, really.
On a production server (Windows Server 2003 SP2) I can connect to a remote WCF service with Internet Explorer 8: When I browse to the URL http://www.domain.com/Service.svc (where my service listens) I get the expected info page of the service displayed. Connection settings in Internet Explorer only specify "auto detect", proxy settings are disabled.
If I start a console application (built with WCF in .NET 4.0) on the same server which also tries to connect to the same WCF service it fails telling me that no endpoint was available listening on http://www.domain.com/Service.svc.
Configuration of the WCF client:
<configuration>
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="WSHttpBinding_IMyService" closeTimeout="00:01:00"
openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
bypassProxyOnLocal="false" transactionFlow="false"
hostNameComparisonMode="StrongWildcard"
maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true"
allowCookies="false">
<readerQuotas maxDepth="32" maxStringContentLength="8192"
maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<reliableSession ordered="true" inactivityTimeout="00:10:00"
enabled="false" />
<security mode="None">
<transport clientCredentialType="Windows" proxyCredentialType="None"
realm="" />
<message clientCredentialType="Windows" negotiateServiceCredential="true"/>
</security>
</binding>
</wsHttpBinding>
</bindings>
<client>
<endpoint address="http://www.domain.com/Service.svc"
binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IMyService"
contract="Service.IMyService" name="WSHttpBinding_IMyService" />
</client>
</system.serviceModel>
<configuration>
With these settings I can communicate successfully with the remote service from my development machine.
Looking around for other options I found that I can specify to use the Internet Explorer proxy settings with:
<system.net>
<defaultProxy>
<proxy usesystemdefault="true" />
</defaultProxy>
</system.net>
It didn't work and I am not sure if I understood this setting really correctly. (My hope was that the WCF client will adopt the "autodetect" setting of Internet Explorer and then connect the same way to the service like the installed IE.)
I also had toggled the useDefaultWebProxy setting in the binding configuration between true and false with no success.
Now I am asking for help what I can do? Which settings might be wrong or missing? What could I test and how can I get more detailed error messages to better identify the problem?
Thank you in advance!
Edit:
Stack in Innerexception is saying:
System.Net.WebException: Connection to remote server could not be established
System.Net.Sockets.SocketException: Connection failed since the host didn't answer after a certain time span or the connection was faulted since the connected host didn't answer.
Although Internet Explorer can connect to the service without specifying a proxy address but only enabling the "auto detect" feature this doesn't seem to work with my WCF client when setting <proxy usesystemdefault="true" />. (Documentation says: This will pickup the Internet Explorer settings. But it doesn't work.) Finally the customer gave me a concrete proxy address and I have changed the binding in my client configuration the following way:
Changed: useDefaultWebProxy="false" (instead of true)
Added: proxyAddress="http://10.20.30.40:8080" (Edit2: Not only IP-address! The prefix with http:// is important! Otherwise it will throw new exceptions, see the follow-up question below.)
With this the WebException and SocketConnection disappeared and the Client seems to connect to the Service but I am having now the next issue when calling the first service operation. I will put this in an new question.
Edit: Here is the follow-up question:
Strange exception when connecting to a WCF service via a proxy server
Edit2: According to the answer in the follow-up question it is important to prefix the proxyAddress with http. (changed my answer now)
Did you maybe just introduce a typo into your address on the client??
address="http://www.domain.com/Service.scv"
Shouldn't that be
address="http://www.domain.com/Service.svc"
(.svc instead of .scv at the end) (confirmed as no typo in reality)
Also, this address would indicate your *.svc file is in the root of that machine - is that really the case?? Normally in IIS, your address will be made up of machine name, virtual directory where the *.svc file resides, and the *.svc file itself, so something like:
http://www.domain.com/ServiceDirectory/Service.svc
I am not sure how you are hosting your service, IIS?
I didn't see anything wrong really in the configuration, other than
<security mode="None">
<transport clientCredentialType="Windows" proxyCredentialType="None"
realm="" />
<message clientCredentialType="Windows" negotiateServiceCredential="true"/>
</security>
If you say that when you type in the address in the IE you see the service, then it is leading me to believe that it is security setting that are wrong. Try removing the security block form the client config file or where ever you have it and see if that works....
If it does, we might have it narrowed it down...
The issue here may have been as simple as the case of true vs True
<proxy usesystemdefault="True" />
I have a full trust XBAP which connects using reliable sessions to a remote service using the endpoint configuration attached below. The catch is that when running the application behind a client's organizational proxy server, the WCF requests are blocked on Windows XP but pass through fine on Windows 7. My suspicion (pending further analysis by the client) is that the default proxy credentials are not attached to the HTTP or HTTPS requests on the XP machines, despite the useDefaultWebProxy=true setting.
Is this a known issue on XP, or am I missing something? Is there a way to bypass this issue?
Thanks in advance for any help
Binding configuration for the secure (production) version:
<customBinding>
<binding name="Https_IOltpLogic">
<reliableSession ordered="False" inactivityTimeout="00:20:00" />
<httpsTransport />
</binding>
</customBinding>
For the demo (unsecured) version:
<wsHttpBinding>
<binding name="WSHttpBinding_IOltpLogic"
allowCookies="false"
bypassProxyOnLocal="false"
hostNameComparisonMode="StrongWildcard"
messageEncoding="Text"
textEncoding="utf-8"
useDefaultWebProxy="true">
<reliableSession enabled="True" ordered="False" inactivityTimeout="00:20:00" />
<security mode="None" />
</binding>
</wsHttpBinding>
(Please note that neither of them work under the described conditions!)
Well, it worked itself out after the client's network admin fiddled with the proxy server settings... since I wasn't allowed to analyze the HTTP traffic I don't really know which headers were missing/modified that caused the WCF requests to be blocked and the normal browser requests to pass though.
We have a system where the users access a web server, the web server then calls a WCF service.
We would like the call to the WCF service to be made in the security context of the windows identity of the application pool on the web server.
What is the best way to do this? Can it be done purely through configuration in the web.config file.
Thanks
Shiraz
Yes, you should be able to do this, all in config:
<system.serviceModel>
<bindings>
<netTcpBinding>
<binding name="WinAuth" mode="Transport">
<transport clientCredentialType="Windows" />
<bindings>
</netTcpBinding>
</bindings>
</system.serviceModel>
Of course, depending on your binding, you'd have to use a different tag under the <bindings> parent node - and of course, not all bindings support all security modes.....
In your endpoint, use the appropriate binding and then just reference this config:
<endpoint name="WCFService" address="......."
binding="netTcpBinding"
bindingConfiguration="WinAuth"
contract="......" />
That should do it! And of course, if you need message security instead of transport security, you can do that, too.
In your WCF service method, you can check to see whether or not the Windows credentials have been sent over, and what they are, by checking:
ServiceSecurityContext.Current.WindowsIdentity
This will be NULL if you don't have a Windows caller, otherwise it will show who called you.
Marc