I have a WCF Service that I want my client to be able to consume from IIS without going through a proxy. The client was consuming asmx service in vbscript using the htc behavior:
<div id="oWSInterop" style="behavior:url(webservice.htc)"></div>
oWSInterop.useService "http://localhost/WSInteroperability.asmx", "WSInteroperability"
Set response = oWSInterop.WSInteroperability.callServiceSync("BuildSingleDoc", 1002, 19499, XMLEncode(sAdditionalDetail))
So basically I just want to make this work with making as few changes as possible on the existing client. Am I forced to use a proxy (that is, a class on the client side that exposes the operations in the WCF service) when consuming a WCF service? I do understand the benefits of a proxy and am not opposed to using it for most other client implementations, but in this case I'm not sure I have the time to deal with it on the client - i just want it to work the way it has been with only the endpoint changing.
A client-side proxy class to call the service?
Yes, you definitely need that (unless you do REST-based WCF services, which you can call with a HttpClient alone) - that's where the whole WCF runtime lives and does its magic.
If you want to call up REST-based services, you can do this without any proxy whatsoever - but then you're left to do XML or JSON parsing yourself. It can be done, but it might not be such a great idea.
What's the problem with the proxy?? It's really just a small wrapper that bundles up your calls into a serialized message and sends it to the server side. No big harm, in my opinion....
What are you seeing? What makes you thank that proxy is an issue? If that is server-side code, it should use the browsers settings (WinINet) which should work fine. Perhaps the "localhost" would be an issue, though, since to the client that still means "talk to yourself" (i.e. not the server).
If that is server side you'll probably need to configure WinHTTP appropriately; in particular, to skip the proxy for local addresses. Of course, "localhost" should loop-back anyway...
Related
We have developed the wcf service with the existing web service code. the existing customer wants to consume that service only changing the new url. They do not want to replace the proxy class. is it possible in any case.
The customer is able to consume the same with replacing the proxy and config. but he does not want to replace the proxy. please share ur comments whether it is possible or not.
You may be able to do this by configuring an endpoint using basicHttpBinding. I believe you will also need to force the use of the XML Serializer, and I don't know how to do that offhand, so someone else will have to help you with that. I'm concerned that there could still be small differences that would cause errors using the same proxy class.
On the other hand, if performance isn't the top consideration, you could create an ASMX service using the original class and method attributes from the old service. This ASMX service would then call the WCF service.
BTW, the ASMX service could call the WCF service on a fast endpoint. If they were running on the same server, they could use netNamedPipesBinding, for instance, but in any case could use netTcpBinding, which uses binary over TCP/IP. That would mitigate the performance difference from the extra hop.
I have a silverlight web application and I am loading data to the client side using a wcf service. Should I secure the WCF service? Can anyone who's on the network call methods of the service?
Yeah they can see and access the service if they know the url.
And if they can see it, they only need to do a "Add Service reference" and they can see all methods available.
And since silverlight uses the basichttpbinding, it can work through firewalls (they typically allow http traffic).
You should secure it if it contains sensitive info.
By default you'll have security through obscurity, so if you're not broadcasting your WCF service's presence, it's not likely to be found or called. Additionally, it would be very hard to use it without having an appropriate client proxy configured. If you do not have the MEX endpoint set up, you are again pretty safe.
All that said though, you haven't really authorized the calls. It's theoretically possible to locate your WCF service and create a proxy to call it. So if you want to be safe, which I recommend, look into WCF authorization. It's fairly easy to set up, and you can use various options such as username-password, Windows accounts, or X.509 certificates. Each has its pros and cons.
This article goes into great detail, and there are others. http://msdn.microsoft.com/en-us/magazine/cc948343.aspx
I'm a WCF newbie, and I need some help to begin with a project:
I will have a managed application (server) that needs to communicate (messaging system) with several clients over the internet and vice versa.
What is the best approach to achieve this?
using wsDualBinding?
UPDATE
I decided to use the NetTcpBinding mode instead.
It depends on what capabilities your service needs to expose, and what type of clients you need to support. Any of the HTTP-based bindings will work over the internet, its simply a question of the way the data is encoded.
A summary of the built-in bindings and what they support can be found here: http://msdn.microsoft.com/en-us/library/ms731092.aspx
But the most common are:
BasicHttpBinding - This is a basic web service-style binding, usable by any SOAP client.
WebHttpBinding - This allows your service to be used by non-SOAP HTTP clients
WsHttpBinding - This allows your service to use extended service features like transactions and sessions.
WsDualHttpBinding - This is required if your service needs a duplex channel, meaning your service needs to make callbacks up to the client.
Since you specifically asked about the dual binding:
If you are writing an application that needs to be able to make a callback from server into the client, then a dual binding is really your only option. Since you specifically mentioned chat, however, I don't think a dual-channel service is going to work very well.
The way the callbacks work in WCF is that your client makes a call to the service, using a dual channel, and must provide an implementation of the callback interface. The server can use this to make calls to the client for the duration of the service method call; the callback context is per-service-call, so once that call returns, it is no longer valid. In other words, your server cannot just asynchronously "call into" your client, it has to wait for the client to "poll" the server. And if you're going to do that, you don't really need the callback anymore.
Honestly, I don't think I would use WCF for an interactive bi-directional chat application, but I can think of two possible options to do so:
Do the polling client option, using a simple BasicHttpBinding on the server and continuously ask for new messages.
Set your client applications up to self-host a local WCF service, and provide the endpoint information to the server when you log in. This requires your clients to accept incoming connections, which gets messy (but if you can pull it off, I'd go for a NetTcpBinding here.)
WSDualHttpBinding is not a good choice for internet. Callback works great only in local network (intranet) that has no Firewall and NAS restrictions.
See this post for more details:
Connecting over internet to WCF service using wsDualHttpBinding times out
Use WsHttpBinding if you want to set up server to server communications (that should work for WPF).
Use WebHttpBinding if you are planning to use data from Javascript.
I am developing a wcf service (basicHttpBinding) that should also be consumed by non .net clients (e.g. Java clients). But now I wonder how the client can define his client config file. Or is this file only needed for .net-clients? (I am thinking of configurations like maxReceivedMessageSize or maxItemsInObjectGraph for example).
Each development platform (call it as you want: SOAP stack, Framework, API) has its own way to configure communication. You don't need to bother with it. You just need to expose correct WSDL and client's developer will be responsible for configuring the client application based on his needs.
If you want to extend documentation of your service in WSDL you can use wsdl:documentation. WCF doesn't offer it by default but you can use this technology sample to extend WCF. You can use such documentation for example to describe that service operation can return large amount of data. Another approach to add wsdl:documentation is using WCF Extras.
From the sound of it, the client shouldn't have access to those configuration options. For instance, why should a client to the WCF service be able to specify the maxReceivedMessageSize?
What you probably want to do is define these configuration options on the server-side. If a client makes a call and there is a conflict with one of your options (i.e. the client exceeds maxReceivedMessageSize), you'll want to throw a SoapException back to the client.
If you want to let the client have access to the configuration settings before he or she sends a request, you can always implement a simple web service method that sends back the values.
I'm trying to build a WCF self hosted service (eventually in a windows service) that will receive binary and text base messages from remote thick clients that have no accounts on my hosted machine. I'm trying to figure out both my binding options and security options, and in reading the patterns and practices guides, my head has completely spun around at least once.
The clients would be authenticated against a custom SQL based method, so I'd like to be able to pass that info in the initial login request and then set an authorization token of some kind. (This part of the problem is probably outside the scope of the question, but I included it in case it might make a difference.)
Any thoughts at all would be very helpfull.
Ryan
The choice of binding and security option depends on the usage of your WCF service. Is it just for your rich client or are you planning to expose it to the world as API? If it's just for your rich app, does it run on LAN or over untrusted, unreliable Internet?
With WCF you can configure the service to expose multiple endpoints with different bindings, for example both SOAP and REST. In general, I'd start with something stateless and lightweight like basicHttpBinding and webHttpBinding, passing user and password on every request. Once you have that up and running you can optimize cache authentication, provide binary endpoint etc.. only if it actually helps.
There's no need to have just one binding. Having said that if it's self hosted you're "on your own" here. I've never looked at what's involved.