Redirecting connection via Service.svc proxy - wcf

I am currently working on a Silverlight client, making use of a web server, and an application server.
Most of the users sit within our firewall, so they do not have any problems accessing the WCF service running on the application server (through a Service.svc file).
However, some users will sit outside of our firewall, and only have access to the web server, and not to the application server (where the WCF service is).
I am hoping someone could tell me if there is a way for the client to use the WCF service on the application server, through the web server, without rewriting the WCF service on the web server, and only relaying the calls through that server.
I hope this is a clear enough description of what I need.
Thanks

Sounds like what you want is a router service. Unfortunately, there's nothing built into WCF to do that (at least until .NET 4.0 with its RoutingService).
You can certainly build it yourself, either by building a specific, one-off routing service (i.e. you implement the same contract and manually forward each operation to the service inside the firewall), or by building a generic, reusable routing service.
If you choose the second option, a couple of articles might help get you started.

Rather than have your Silverlight clients accessing the application server directly, route all the requests through a proxy service on the web server.
An example of this is the "Cross Domain Proxy" pattern.
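A sketch of the one-off relay described in the answers above, as an added example that is not code from the original posts. The contract `IQuoteService`, the class `RelayService` and the upstream address are hypothetical; in practice the relay references the same contract assembly as the real service.

```csharp
// Added example: IQuoteService, RelayService and the upstream URL are hypothetical.
using System;
using System.ServiceModel;

[ServiceContract]
public interface IQuoteService
{
    [OperationContract]
    decimal GetQuote(string symbol);
}

// Hosted on the web server behind its own .svc file; it holds no business logic.
public sealed class RelayService : IQuoteService
{
    // The upstream address is fixed in code or config. The relay never takes its
    // target from the caller, so it cannot be steered to other internal hosts.
    private static readonly ChannelFactory<IQuoteService> Upstream =
        new ChannelFactory<IQuoteService>(
            new BasicHttpBinding(),
            new EndpointAddress("http://appserver.internal.example/Service.svc"));

    public decimal GetQuote(string symbol)
    {
        // Reject malformed input at the edge instead of passing it inward.
        if (string.IsNullOrEmpty(symbol) || symbol.Length > 8)
            throw new FaultException("Invalid symbol.");
        return Forward(channel => channel.GetQuote(symbol));
    }

    private static TResult Forward<TResult>(Func<IQuoteService, TResult> call)
    {
        IQuoteService channel = Upstream.CreateChannel();
        var comm = (ICommunicationObject)channel;
        try
        {
            TResult result = call(channel);
            comm.Close();
            return result;
        }
        // FaultException derives from CommunicationException, so it is caught first.
        catch (FaultException) { comm.Abort(); throw; }
        catch (CommunicationException)
        {
            comm.Abort(); // do not leak internal host names or stack traces outward
            throw new FaultException("Upstream service unavailable.");
        }
        catch (TimeoutException)
        {
            comm.Abort();
            throw new FaultException("Upstream service timed out.");
        }
    }
}
```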

Related

Comparing Self Hosting: WCF vs HttpListener

I've been looking into the possibility of using ASP.NET Web API and SignalR in a self-hosted application, and I noticed that the ASP.NET Web API self-hosted implementation uses WCF, and the SignalR self-hosted implementation uses System.Net.HttpListener. This makes it a little harder to come up with a combined self-hosting solution, but it does get me wondering why the different project teams would use different approaches.
What are the advantages and disadvantages of each approach? Is there any particular reason why SignalR could not use WCF self-hosting, or Web API could not use HttpListener?
EDIT: I understand that Web API self-hosting provides a more complete stack than SignalR, my question is more about why you would choose a WCF implementation over System.Net.HttpListener when implementing your own self-hosting solution.
Web API self host provides entire HTTP stack so it's much much richer than System.Net.HttpListener.
SignalR uses that to purely open a communication window for its own purposes.
So yeah for now, you need to run them in parallel on different ports.
In the future, with OWIN, you will have everything under one roof.
EDIT: there was actually an issue similar to yours raised on SignalR github, and the answer was pretty much what I just said - https://github.com/SignalR/SignalR/issues/277
Just so we are on the same page, the WCF Self-host that Web API Self host uses does use HttpListener under the covers. However, I think I may have found a major downside to the WCF Self-host.
I have not confirmed this yet, but it seems that when you use Web API Self Host, the base address you provide is not translated directly into a HttpListener prefix. It seems like WCF translates the base address and wildcards the host.
This means that the WCF self-host will respond to any host on the specified port. This means that you cannot run a Web API Self hosted service side by side with IIS on the same port using a different host name.
This might be the reason that SignalR decided to scrap the WCF Self-Host and use HttpListener directly.
While you can use the WCF stack to host the services yourself, you may want to consider the "IIS 7.0 Hostable Web Core". It has the benefit of running IIS in your user process. Using this approach, you can have several applications running on the same port, irrespective of the technologies.
If you are interested, you can look at:
Host your own Web Server in your application using IIS 7.0 Hostable Web Core
Creating Hosted Web Core Applications
This all assumes you are running Vista or later...

What is the simplest way to secure internal WCF 4.0 REST Services between WebServer and ApplicationServer?

I have a number of WCF 4.0 REST services on an internal application server which are accessed from a DMZ'd public-facing web server. Essentially I am looking for the simplest way to restrict access to the services to calls from the web server and select internal accounts. It seems like a simple task for which I can find no simple answer.
Info:
IIS6 for both the web server and the application server
.NET 4
Web Server is not a part of a trusted domain
REST Services are 100% code.
Client calls are passing credentials via System.Net.CredentialCache.DefaultCredentials ( not sure if this is the way to go )
For the network part, you can disallow all IPs except the ones you trust in IIS.
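The same allow-list idea can also be enforced inside the service, as a second layer behind the IIS restriction. This is an added example, not code from the original posts; the class names and the sample addresses are assumptions.

```csharp
// Added example: class names and addresses are hypothetical (constructed samples).
using System;
using System.Collections.Generic;
using System.Net;
using System.ServiceModel;
using System.ServiceModel.Activation;
using System.ServiceModel.Channels;

public sealed class CallerAddressAuthorizationManager : ServiceAuthorizationManager
{
    // Constructed sample values: the DMZ web server and the local machine.
    private static readonly HashSet<IPAddress> Allowed = new HashSet<IPAddress>
    {
        IPAddress.Parse("192.0.2.10"),
        IPAddress.Loopback
    };

    protected override bool CheckAccessCore(OperationContext operationContext)
    {
        object value;
        // Fail closed when the transport does not report a peer address.
        if (!operationContext.IncomingMessageProperties.TryGetValue(
                RemoteEndpointMessageProperty.Name, out value))
            return false;

        // This is the TCP peer. Behind a proxy or NAT it is that device's
        // address, so the list must name whatever actually connects.
        var remote = (RemoteEndpointMessageProperty)value;
        IPAddress address;
        if (!IPAddress.TryParse(remote.Address, out address))
            return false;

        return Allowed.Contains(address) && base.CheckAccessCore(operationContext);
    }
}

// For code-only REST services, attach the manager through the host factory
// passed to ServiceRoute (or named in the .svc file).
public sealed class RestrictedHostFactory : WebServiceHostFactory
{
    protected override ServiceHost CreateServiceHost(Type serviceType, Uri[] baseAddresses)
    {
        ServiceHost host = base.CreateServiceHost(serviceType, baseAddresses);
        host.Authorization.ServiceAuthorizationManager =
            new CallerAddressAuthorizationManager();
        return host;
    }
}
```

An address check only identifies the network peer; it does not authenticate the caller, so it complements rather than replaces credentials on the calls.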

Brainstorming a WCF/IIS Service Intermediary

I have built a Windows forms application in C# using WCF for client -> server communication. I have recently begun toying with Silverlight and built a web front end for the application which still uses the same WCF service for web client to server application. What I'd like to do is have my WCF behind a firewall on a different machine and then build an "intermediary" WCF service which would live in a DMZ between IIS hosting my Silverlight client and the WCF box.
Essentially I want to separate the WCF service which runs my Windows Forms application from also acting as a web server. Does it make sense to build this intermediary app to increase security?
Can't see how that would increase security other than forcing connections to the WCF service to go through the DMZ ... but a straightforward HTTP proxy server would do the trick.
The intermediary becomes more useful when you have a whole bunch of services and you want to centralize things like authentication, message logging in a single location or if you want to do some fancy (or not so fancy) message routing such as load balancing between a few services.

Two questions regarding WCF REST service structure

I have two questions I hope I can get an answer for with regard to my service oriented application
I am creating a service oriented application where controls have no events, it's all done by calling services... that means the service url is written in my jQuery code, but this seems somehow not nice.... It's like what is the best option to save service urls?! I feel it's hard to maintain and not secure when it's written inside the page or inside javascript referenced file.
I am talking to a hosting company and they told me that I can host this application services on cloud server and the application on another servers.... not all in the same server, but my application services are self hosted, I mean the services are inside the application.... so to make things work as my hosting company wants, shall I host the restful services in IIS or how exactly?
Service URL must be in your page or script source file. It can be local address unless you are using cross domain calls and JSONP - cross domain calls require absolute address. It is the same as any other web technology. If you want navigation to other page, you must provide URL. If you want some picture or css file you must provide URL. Security is up to you.
This will be the problem of cross domain calls. Normally JS calls can be done only to the same domain where the page is exposed. Once the application server is exposed on different domain name your calls will not work. To avoid that you must use JSONP (WCF 4 has support for that). Exposing rest services consumed by your application from self hosted application is strange. REST services are consumed by your clients - they are front-end services and should be part of your application hosted on front-end web server. Your back-end application server should not host anything directly accessible by your clients.

How would you communicate a wcf service with a windows service?

Two weeks ago I needed a way to communicate a WCF service with a Windows service running on the same computer. The Windows service had to get data from an external source and share it with the WCF service (hosted in IIS), which had to give it when a client made a request. I chose to do that with IPC.
I did it and now the Windows service is the IPC server and the WCF service is the IPC client. This goes well but I think I made a mistake doing this because to make it run right the Windows service must be executed with the ASPNET account; for this the ASPNET account password must be assigned and when I do that IIS does not work correctly.
I am thinking of different alternatives, but in all of them the problem persists. Some ideas?
Edit:
What I needed was a system that made public, in a web service hosted in IIS, data gotten through telnet from another old system, which is a little unstable. Since the response of this second system was slow, I chose to put a process (the Windows service) between the web service and the old system. The Windows service had to save the data collected from the old system and, when the WCF service asked, give it all at once through IPC.
Why does the windows service need to run as the ASPNET user? Is that because you're using an IPC connection that requires authentication from the caller?
Another alternative (if you have control over the windows-service code) would be to make that a WCF service as well (using a ServiceHost in the windows service). The IIS service could connect to the windows service using a NetTcp or NetNamedPipe binding if you need the IPC-like performance.
Why not just create another account with the same permission set of the ASPNET user which both the WCF service and your other service run under? That way, you have control over the password.
Ideally, the Windows service should run as a WCF service; that way it's easy for the client to communicate with it.
The next question is whether the 'client' needs to be a WCF service. If this client needs to serve other applications then it is appropriate, otherwise it may not be necessary. I don't know enough about your system, so it's up to you to decide what's best!
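The suggestion above to host a WCF endpoint inside the Windows service, shown as an added example that is not code from the original posts. `ILegacyData`, `LegacyDataCache`, `CollectorService` and the pipe address are hypothetical names.

```csharp
// Added example: all type names and the net.pipe address are hypothetical.
using System;
using System.Collections.Generic;
using System.ServiceModel;
using System.ServiceProcess;

[ServiceContract]
public interface ILegacyData
{
    [OperationContract]
    string[] GetSnapshot();
}

// One shared instance holds everything collected so far.
[ServiceBehavior(InstanceContextMode = InstanceContextMode.Single,
                 ConcurrencyMode = ConcurrencyMode.Multiple)]
public sealed class LegacyDataCache : ILegacyData
{
    private readonly object _gate = new object();
    private readonly List<string> _lines = new List<string>();

    // Called by the collector (the telnet polling itself is outside this example).
    public void Add(string line) { lock (_gate) { _lines.Add(line); } }

    // Called by the IIS-hosted service over the named pipe.
    public string[] GetSnapshot() { lock (_gate) { return _lines.ToArray(); } }
}

public sealed class CollectorService : ServiceBase
{
    private ServiceHost _host;
    public LegacyDataCache Cache { get; private set; }

    protected override void OnStart(string[] args)
    {
        Cache = new LegacyDataCache();
        // net.pipe is same-machine only, so the endpoint is not reachable
        // from the network at all.
        _host = new ServiceHost(Cache, new Uri("net.pipe://localhost/collector"));
        _host.AddServiceEndpoint(typeof(ILegacyData), new NetNamedPipeBinding(), "data");
        _host.Open();
    }

    protected override void OnStop()
    {
        if (_host == null) return;
        try { _host.Close(); }
        catch (CommunicationException) { _host.Abort(); }
        catch (TimeoutException) { _host.Abort(); }
    }
}
```

The IIS-hosted service would call it through a `ChannelFactory<ILegacyData>` with a `NetNamedPipeBinding` pointed at `net.pipe://localhost/collector/data`.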