I’m developing a .NET/C# application software for an instrument which has a built-in PC (Core 2 CPU/2.66GZ/4GB RAM) and will have access to the Internet from behind the facility IT firewall. The software is made up of two parts: a rich client desktop app for UI and device control and a web app (silverlight) for providing remote maintenance such as device configuration and calibration via internet using browser. This device web site will be hosted using IIS locally on the instrument. My questions are:
What is the risk of running an IIS hosted web site on a device?
What does it take to make it secure so that data and operation of the instrument is immune to potential hackers.
Is it a better design to provide web services (or WCF services) as the interface for remote maintenance? In this case, I’ll create a rich client service utility program that can consume the web services over Internet for remote maintenance purpose.
Wow, thats an interesting project!
Personally I would take a different approach and have the device/instrument pull the maintenance info from a centralized server instead of hosting the service that performs it.
Do you really want to worry about the maintenance of updates & patches on that device.
but Ill try to answer like you didn't have any choice.
1) the risks are the same as any website. you have to deal with authentication, in your case I would have allowed IP ranges.. etc.
2) Nothing is immune. But just google WCF security for a start.
3) Yes that is a better approach if the services are hosted outside the "instrument"
good luck, sounds like a fun one.
See the WCF Developer Center for much information on WCF.
One feature of WCF is that it's possible to host a WCF service in almost any kind of program. In particular, you could host a secure WCF service on your device - without needing to run IIS or any other web server at all.
Related
I'm new to web development and just built my first website with .Net Core. It's primarily HTML, CSS, and JavaScript with a little C# for a contact form.
Without recommending any service providers (question will be taken down), how do I go about deploying the website? The more details the better as I have no idea what I'm doing haha.
Edit: I am definitely going to go with a service provider, however the business I am building the website for doesn't have a large budget so I want to find the best provider at the lowest cost.
Daniel,
As you suspect, this is a bit of a loaded question as there are so many approaches. One approach is to use App Services within Microsoft Azure. You can create a free trial Azure account to start that includes a 200.00 credit, which is more than enough to do all of this for free. Then, using the Azure Management Portal, create an App Service (also free) on an App Service Plan in a region that makes sense for you (i.e. US West). Once you do that, you can download what is called a Publish Profile from within the App Service's Management Portal in Azure.
If you're using Visual Studio, for example, you can then right click your project and "Publish" it (deploy to the cloud, or the App Service you just created). One option in that process is to import an Azure Publish Profile, which you can do with the one you just downloaded. This makes it really simple. The Publish Profile is really just connection information to your Azure App Service (open it in Notepad to see). It will chug for a bit and then publish and load the app for you. You can also get to the hosted version of your app by clicking the Url of the app in the App Service management portal on the main page.
This may be oversimplifying what you need to do, but this is a valid direction to take. AWS and others have similar approaches.
Again, tons of ways to do this, but this is a free approach. :-) I don't consider Azure a Service Provider in the sense that you asked us not to. Instead, I wanted to outline one turn-key approach with specific details on how to get there.
You can find specific steps in a lot of places, such as this link:
https://www.geeksforgeeks.org/deploying-your-web-app-using-azure-app-service/
DanielG's answer is useful, but you mentioned you don't want use any services from service provider.
Usually, there are only three ways to deploy the program,
first one is the app service provided by the service provider mentioned by DanielG,
**Benefits of using service provider products:**
1. Very friendly to newbies, follow the documentation to deploy the application in a few minutes.
2. It offers a very stable, scalable service that monitors the health of our website.
3. We can get their technical support.
**Shortcoming**
It is a paid service, and although Azure's service has a free quota, it will run out.
**Suggestion**
It is recommended that websites that are officially launched use the services of service providers.
second one is to use fixed IP for access (it seems that fixed iPv4 IP is not provided in network operations),
**Benefits of using fixed IP:**
If there is a fixed IP address, or if the carrier supports iPv6, we can deploy our website, and the public network can access it. And if you have domain, it also can support https.
**Shortcoming**
1. There are cybersecurity risks and are vulnerable to attack.
2. Without perfect website health monitoring, all problems need to be checked by yourself, and it is very troublesome to achieve elastic expansion.
**Suggestion**
It is generally not recommended because there is no fixed IP under normal circumstances. Broadband operators used to offer it, but now it doesn't.
If you are interested, you can try ipv6 to test.
the last one is to use tools such as ngrok or frp for intranet penetration.
**Benefits of using intranet penetration:**
Free intranet penetration services such as ngrok, the URL generated by each run is not fixed, and there are some limitations, such as a new URL will be generated after a certain period of time, which is enough for testing.
Of course you can purchase the service of this tool, which provides fixed URLs and supports https.
**Shortcoming (same as the second one)**
**Suggestion**
The functional implementation is the same as the second suggestion, and the physical devices used by the website are all their own. The intranet penetration tool (ngrok, or frp) solves the problem of not having a fixed IP, providing a URL that you can access.
There are few users and the demand for web services is not high, so it is recommended that individual users or small business users use ngrok and frp in this scenario. Generally suitable for OA use in small businesses.
i'm about to decide on technology choices for an agent based application used in the transportaion systems domain.
basically there will be a central system hosting the backend, and multiple agents located across town (installed on desktops) that communicate with devices/kiosks collecting data and then transmitting them back to the central server. the central server could also be hosted on the cloud.
following are important
securing the data and communications between the device and the agent
and the agent and central server.
agents should be easily installable with little or no configuration.
near 100% uptime and availability
Does WCF fit the bill here?
if so what binding types should i go for? netTCP or wsHttp with SSL/HTTPS?
WCF is definitely a fit choice for this kind of scenario. For your bindings, the actual question is what technology you are going to use. Do you want to make the agents run in a non .NET environment like Java, then you should chose for wsHttpBinding. This binding communicates through SOAP and is very interoperable.
If you chose to use .NET agents, you might as well use netTcpBinding because they use the same WCF frameworks. It also supports binary encoding. If you really need to make a choice, take a look at the MSDN Documentation.
For your agents you could use a simple console application that runs in the background as a Windows service. WIX can help you with that (install an application as windows service), but thats all I know. WIX can also help you with basic installing and configure everything for you but it has a high learning curve so you might need to invest time in it.
I've been working with WCF fairly extensively for over two years now and have almost always taken the "lazy" route and deployed everything through IIS. Some of the reading I've done lately is starting to trend to where developers are using custom hosts in windows services or as console applications. Is there major benefits to switching over to that paradigm or is my current strategy of hosting everything in IIS give me everything I need to do WCF services?
When you go the self-hosting route, you limit the scalability & reliability options of your services. If scalability isn't a concern, you still need to consider all the service monitoring functionality that you'd have to create to be sure your services are running reliably.
If I had to pick two reasons to prefer IIS hosting over self-hosting they would be the flexibility of the WAS service instantiation model for IIS 7.x and the Windows Server AppFabric features for WCF 4.
If you're using a pre-WAS version of IIS (5 or 6), Windows services may be your best (only?) good bet for hosting WCF services that communicate via named pipes or netTCP (anything other than HTTP).
In the 3rd Edition of Programming WCF Services (link), Lowy suggests using Windows Server AppFabric in some situations, and suggests self hosting in a few cases - when you need to use the service bus and IIS 7.5 is not available, for example. Pages 22 and 23 show a couple of simple charts to help determine when to use self hosting over IIS, WAS or AppFabric. I think the first chapter (maybe more) is available for free if you get a Kindle sample.
Other than these scenarios, I'm not sure why you'd ever want to chose any sort of self-hosting over WAS. I'm curious to see if anyone presents good reasons.
we are currently on windows server 2008 R2, IIS 7.5 and we are going to open some of our data via WCF services.
To do that, we are planing to host our services on IIS but I heard that it is not a good idea for WCF services.
The problem with the WAS is that it is general purpose hosting engine. it's actually unaware that it's actually hosting a WCF service or a website (as far as I know)
I heard that we can install an extension to the WAS called the Windows Server AppFabric.
does anybody have any experience on
AppFabric?
should my app have to use so called
'Service Bus' to use AppFabric?
should I go ahead and definitely
install it?
at most basic level, how and where
can I install it? does it require
any licence?
Thanks in advance.
I don't think IIS us a bad idea - many developers use IIS to host their WCF services. IMHO you'd only use what you need, so if all you need is a hosting framework, then IIS is a very good option for WCF services. It is (almost) unaware that it's hosting a WCF service, but that in the majority of the cases isn't an issue.
Windows Server AppFabric as it's currently released provides three capabilities: a distributed caching system (so if you need to scale out your service you can use this cache to share state among the nodes); a packaging / deployment interface (in which you can package a project and deploy it a little easier in IIS); and a management / monitoring interface (where you can monitor the instances of WCF and Workflow services which are running in your machine).
Answers to your questions:
Yes, some people have experience with it :)
No, the application doesn't have to use it. You'd only use the ServiceBus if you need its functionality (relay)
Only if you need it. If you don't need caching or the monitoring capabilities, for example, then I'd say you don't need it. I've found in the past that the least number of components I have in my system, the less likely it is to break.
Go to http://msdn.microsoft.com/en-us/windowsserver/ee695849.aspx. And AFAIK you don't need any license, but you can check on the download page to see if it has more information.
There is no real common reason why not to host a service in IIS/WAS.
If you want to absolutely, totally 100% make sure that your service is continuously running some process, such as a continuous loop or polling monitor, and if any interruption no matter how brief is a major issue, then you'd want to look at alternative hosts.
Win Server AppFabric is most useful for WF Service hosting and caching. Note however that Win Server AppFabric + Win Server Service Bus 1.0 represents the first steps in convergence between the Azure platform and the Windows Server private platform.... In other words, whichever of the two ways you choose, that's what is going to be earning your bread and butter in 5 years time.
I am in the process of integrating our custom web app with QuickBooks Enterprise 9. My thought is that I could use QuickBooks as my "database" of sorts. When a person creates an invoice, the invoice is actually stored only in QuickBooks. When a person views a list of invoices, they are actually viewing a list of QuickBooks invoices. I want to make sure the data is stored in only one location.
I realize that I could use the QB Web Connector, but the problem with that is I wouldn't have control over when the requests to QB actually get processed (That job is up to the Web Connector).
So I have my web UI to act as the QuickBooks "face," but I don't have any good way to get to and from the QuickBooks file located on an internal server. What I was thinking was that I could create a WCF web service and install it on the QuickBooks server. The web service could then be my integration point. My custom web app could then consume the web service and, viola, I have access to my QuickBooks files.
My question is this: Can a WCF app connect and run QuickBooks? If not, could i create a Windows service to act as my point of integration? If so, can my custom web app "consume" a windows service?
I'll start by warning you that QuickBooks probably isn't your best choice for a reliable back-end database accessible from a remote website. In fact... it's probably a really, really bad choice.
You should have your own application database, and then if you need to also exchange data with QuickBooks, do that outside of the normal lifecycle of your app, as a separate sync process.
QuickBooks generally isn't reliable enough for always-online type of applications due to a number of reasons:
Flaky SDK connections
Updates and single-user mode will
lock you out of accessing QuickBooks
Difficulty in establishing SDK connections from non-GUI processes (Windows Services and IIS processes)
With that said...
Yes, you could create a WCF web service, host it on the QuickBooks machine, and make your WCF web service relay messages to/from QuickBooks.
Yes, you could also create a Windows Service that does the same sort of thing.
Do NOT implement it as a Windows service, and do NOT implement it within IIS - instead implement it as a GUI app that runs alongside QuickBooks.
If you try to implement things as a Windows service or within IIS, the QuickBooks SDK requires you have a GUI available (it users a GUI COM message pump for events dispatching or something like that...) to process requests, so you'll probably need to use something like QBXMLRP2e.exe to straddle the process boundary between QuickBooks and your non-GUI Windows service/IIS. My experience has been that it's a gigantic pain in the butt, and requires mucking with DCOM permissions as well.
I have an example and some documentation on my QuickBooks integration wiki.
The IDN Forums are a good place to ask questions.
My recommendation to you would be to either:
Use the Web Connector and QuickBooks
and give up hope of keeping all of your data in one place. Cache the data in a real database, and update it by querying QuickBooks periodically. I'm almost done building a solution to do exactly this right now, and it works fantastic.
OR
Use a different account system. NetSuite is pretty nice. I'm not sure what else is out there, but if I were you I'd look for something SQL-based or with a strong SOAP/REST API.