I'm having a windows application that will be deployed on multiple pcs in different networks. This applications need to launch some actions upon receiving appropriate request from external service.
For this, I got HttpListener that waits for requests and performs required actions.
The issue is with NAT and security. When windows application starts it needs to tell external service that it's alive and how it can be reached (being behind NAT it's not as trivial, some kind of tunneling is needed?). When external service needs something to be executed on windows application, it sends it a request and application should proceed with actions and send response to the server.
What is the best way to expose my Windows Application behind NAT to external service (tunneling?) and how to make it secure (HTTPS?)? Or, maybe, there is a better solution for this kind of remote calls (RPC?)?
Sending http requests to clients behind NAT means, that you have to manually create a route in your NAT router for each client that forwards a port on the external IP to a fixed internal IP.
To make it secure, you have two options:
Use TLS (https) = each client needs a cert and accept https
Leave the requests insecure but keep them in a "secure environment". This could be done with an VPN connection between your server and the NAT network (while defining the local network as secure).
Such a setup works fine if you want to run a server application (one host) and are willing to invest some time. It will typically shorten your life if you want to do that with a large amount of client applications in a company network.
There are technologies available to send messages to clients without having to configure anything on routers. For .Net we have SignalR which combines multiple approaches and uses "the best possible": https://dotnet.microsoft.com/apps/aspnet/signalr
Related
Situation: We have a web application running on a server. This application needs to fetch data from some other PC(Clients), which are on a different network.
On the clients' pc there are WCF hosted in Windows Services using its their local Sql db. i want to make duplex communication between server and clients for share data with each other.
data share mean share data-table,data-set,string etc between clients and server .
Problem :
1) I have no control over the firewall, proxy, NAT on the client side PC. Mostly company Employee PCs have lots of network security e.g firewall block ICMP traffic and some port too, some Router might be Disabled port-forwarding etc etc , client can change network place.
I don't want to make any setting on client side Router,proxy,firewall though .
during communication how can i handle that's kind of issue of client side?
as you know skype is working perfect in that situation.
firewalls very often block inbound connections to clients; the client may not be reachable from the server, it may be using NAT translation behind a router and so cannot be contacted without port forwarding being set up on the router and some new router disabled port forwarding .
2) On clients side there is no IIS .
I don't want to allow remote access on clients PC.
There are more than 100 Clients and only one Server. one server need communicate with many clients on different network .
3) One side my client application is using window application and wcf hosted in window service ,Other side on my server i'm using Web application . so its mean communication is between desktop pc and web pc , that's issue .
If both using a web application then it was not issue to make duplex communication.because i know WEBRTC is fit there lol.
Technology which i had already test and find issue
WSDualHttpBinding: Not work if client behind NAT. check this for detail click here
MSMQ : its bad technique if clients more than 1 and performance issue also because its use RAM memory . check here click here
Xsocket: Its also not work if ICMP traffic block by firewall on client. check here click
WebRTC: Its work fine but its support web to web communication .as my client side i have win app.
Socket.io: Its need to set up node.js and many other thing , hard to implement because i need implement on existence application , i am not making new application.
C# Socket Program: Its wouldn't work if client behind NAT.check here click for detail
Service Bus relay: Its not free even for testing .
socketPro: I studied i find its good but i can't find any right sample on google .so that i could test that.
Genuine Channels: I can't find any sample on google .
Lets see SignalR issue .: Server side i run a console application and Client side i run two application ,one is console and other web. when i was running console client application than it was not initiating connection with Server but when i was using web client application then it was working fine.
sample link is here SignalR two way communication
I can't understand why thas??
Please tell me What is best most secure and fast way to handle this situation? what approach should i use ?
SignalR seems to fit for this solution, because it's flexible.
It negotiates the fastest available channel of communication and that is what you are looking for.
You should investigate the problem with it and signalR will eventually work.
I'm using SignalR extensively to communicate between the servers (C#), between server and mobile apps (C#, Xamarin, iOS, Android). The servers are at different locations and the mobile apps can be anywhere. It all works very reliable.
Take a look at: http://www.asp.net/signalr/overview/deployment/tutorial-signalr-self-host and here http://www.asp.net/signalr/overview/guide-to-the-api/hubs-api-guide-net-client
I've been working in my spare time with sockets (admittedly in c++, not c# but there shouldn't be a difference), and I've never had an issue connecting to clients behind a firewall/router, even without port forwarding.
Routers and firewalls generally don't like server-like programs, eg. programs that bind the socket to a port number. Does your client do anything related to binding? Because it shouldn't.
Needless to say, I would suggest a socket program. The way I see it, it's the most flexible way.
I manage a web site for company that hired me after being unsatisfied with the original developer of the site. One function of this site is to add new patients. Part of adding the patient is to receive data from a USB port on the client machine via an applet. Since the Java 7 update 21 the applet does not work and the company has asked to remove the applet and replace it with a different solution. I am having trouble doing this, however, due to the applet listening to the client USB ports from the server to retrieve the data. I Have thought of a few ideas to solve this but am unsure if it is possible and haven't been able to find the answer online. I was hoping someone here could tell me if my idea is possible or point me in the right direction.
When the user adds a new patient the web site will call a web service on the server. This web service will then call a WCF hosted Windows Service on the client and active its serial port listener. Once the client's Windows Service has received the data the WCF will respond to the Web Service on the server and parse the data.
What I'm having trouble with is finding a way that the web service can call the WCF downloaded by the client and have it begin listening to the USB ports. If anyone could tell me how to do this, or suggest a better way to have the server initiate the client listening to the serial port I would appreciate it.
Do you have any system requirements?
When entering new patient, what kind of browsers are expected?
Will this be deployed as one solution, or clients expect that your application
can support any modern browser?
The main problem is that browsers are very restrictive in terms of what
kind of code you are allowed to execute. By default, browser won't allow
to execute any plugins / read any usb ports, let alone execution / installation
of arbitrary wcf service.
So, supposing that you have 'any modern browser' in requirements - you have following options:
Java / activex applet plugin. I believe this is the only sure-way to have access to usb
on a client machine. Also plugin must be signed with trusted certificate, or client must allow
execution of untrusted plugin (again, check requirements). I though silverlight would also
be a valid alternative, but according to my research (please correct if I am wrong) - its security
model does not allow any kind of USB access.
Prompt user to download and install browser plugin / helper object with access to usb.
And then communicate with your web page through this plugin.
Installing an entire wcf service on a client side would be an overkill in my opinion.
You would have to manage issues like firewalls, closed ports, security,
writing a self-hosting wcf solution, etc.
But if you managed to install and host a wcf service on a client side:
When the user adds a new patient the web site will call a web service on the server.
This web service will then call a WCF hosted Windows Service on the client and active its serial port listener.
Why not save a roundtrip and call client service directly from page?
Server would need to know client address to call it, which is not always possible.
Probably your web page can attempt to access localhost, at predefined port,
where your wcf service is listening.
Once the client's Windows Service has received the data the WCF
will respond to the Web Service on the server and parse the data.
It would be easier to respond on call from your web page (use polling if usb reading is slow),
and only then send to server. Browser already knows where to send data, and have permission
to do so. But if your server address is well known and can be accessed with domain name,
you can try to connect to it from your wcf on client.
Also there is a very similar topic, discussing connection to usb from client.
I'm developing a multiple client / multiple server program in C#, and before I got down to the nitty gritty, I was wondering if anyone has ever worked on a similar project and might be able to share their tips / ideas for implementation.
The servers will sit on many PCs, and listen for incoming connections from clients (Or should the Servers broadcast, and the clients listen?).
When a client starts, it should populate a list of potential server IP addresses automatically.
When a server closes, the client should remove that server from it's list.
When a new server starts, the clients should be notified and have it added to their list.
A server may also act as a client, and should be able to see itself, as well as all other servers.
A message sent from a client to the server, that affects the server, should broadcast the change to all connected clients.
Should my server be a Windows Service? What advantages/disadvantages does that present?
Any ideas on how I might go about getting started on this? I've been looking into UDP Multicast, and LAN Scans. I'm using C# and .NET 4.0
EDIT: Found this: http://code.google.com/p/lidgren-network-gen3/ Does anyone have any experience with it and can recommend/not recommend it?
I would suggest NetPeerTcpBinding WCF communications to create a Peer Mesh. Clients and Servers would all join a mesh using a Peer resolver. You can use PNRP or create a custom peer resolver (.Net actually provides you with an implementation called CustomPeerResolverService). See Peer To Peer Networking documentation.
Also you can implement a Discovery service using DiscoveryProxy. With a discovery service, services can announce their endpoints. The discovery service can then service find requests (see FindCriteria) to return endpoints that match the requests. This is referred to as Managed Discovery. Another mode is Ad Hoc Discovery. Each service will announce their endpoints via UDP and discovery clients will probe the network for these endpoints.
I have actually implemented a Managed Discovery service in combination with Peer 2 Peer WCF networking to provide a redundant mesh of discovery services that all share published service endpoints via P2P. Using Managed Discovery I have found performs far better as Ad Hoc Discovery using UDP probing is slower and has some limitations crossing some network boundaries while Managed Discovery leverages a centralized repository of announced service endpoints.
Either/both technologies I think can lead to your solution.
So is this effectively a peer to peer style network (almost like bittorrent), where all servers are clients, but not all clients are servers.
and the requirements are every client should hold a list of all other servers (which are, in turn, clients).
The problem lies in getting the server IPs to the clients in the first place. You can use a master server that has a fixed DNS to act as a kind of tracker, which all of the servers check in to, and the clients check periodically.
Another option (or an additional method) is to use a peer exchange style system, where each of the clients and servers use UDP broadcast packets over a local network to discover each other and then transfer the servers they know of, kind of like a routing protocol. However if the PCs are spread out over a non local network such as the internet, there's little chance that they will ever discover each other on their own, making this method only useful when used in conjunction with other methods of finding servers. Also, you will probably have to deal with router UPnP to allow clients to connect to each other through each others router NAT, so this method is probably too complex for the gains you get. (However, if you're just on a LAN, this is all you need!)
A third option (and again, this sounds a lot like torrent technology), is to use Distributed Hash Tables to store information about the IPs of your servers in the cloud, without having to rely on a central master server.
I have had a shot at a project like this before (a pure P2P, server-less messaging system), but could never get it to work. Without a huge amount of peers, or a master server to track all of the other servers, it is very difficult to reliably retrieve the IPs of all the servers.
I'm writing an application with both a desktop and a mobile app component. The desktop app is being written in c#, and I'd like to be able to open it up to act as a server for the mobile app (similar to what AirVideo does). How can I accomplish this without requiring the user to configure their firewall and/or router?
Ideally, I want to self host a restful wcf service in the desktop app. I've tried this already, but the automatic configuration of the firewall doesn't allow remote connections to the wcf service, since it appears to be hosted by the system process. Is there a workaround for this behavior?
Edit: I've solved the router problem as best I can through the use of the NATUPnP COM library (http://pietschsoft.com/post/2009/02/05/NET-Framework-Communicate-through-NAT-Router-via-UPnP.aspx). I still need to know how to allow remote connections through the firewall to a self-hosted WCF service without any manual configuration of the firewall (I'm okay with the user prompt to allow connections once the app is launched).
Set a specific port in your router that is designated to route to your server address,
So if your router real ip is a.b.c.d, you should set up that all communication to a.b.c.d:port# is being routed to your server local address. (a.b.c.d:port# --> serverIP)
The settings for this can be achieved from your router configuration.
In a situation where you cannot tinker with the router setting/firewall settings:
This means you cannot use ports to listen to incoming connections and can only use outgoing connections. to overcome that you will have to use a 3rd server with real IP-Address which will function as a listener for both sides. Typical scenario can be described as follows:
Client Side - A (Desktop)
Client Side - B (Smartphone)
Server Side - S (Communications Server)
S --> Open port for listening to incoming connections.
A --> Connect to S every x seconds to check if requests to do something are waiting.
B --> Connect to S. (issues a waiting request for A)
That way S is served as a proxy to glue both sides' communications.
I am developing a LAN-based database application. It involves a central "server" app to house the database, along with many "client" applications that access it.
The "server" will be a simple C#-based HTTP server that responds to GET and POST requests. However, since it is designed to be able to run from any laptop on the network, I am wondering how to establish the connection between clients and the server without knowing the IP address.
I suppose I could ping every IP address from 192.168.0.0 to 192.168.0.255, and then test those that responded to see if any are my server. But I would only do that if there is no better way. Any suggestions?
Many of these types of discovery services run by putting out some kind of beacon on either the subnet broadcast address (for 192.168.0.0/24 it would be 192.168.0.255) or by putting out a beacon on a multicast address.
Multicast is particularly interesting because in a properly configured network, it allows hosts to find the service even across subnets. Routers and switches won't generally forward broadcast packets across subnet boundaries, but multicast packets will.
The beacon would have information in it such as the port the service is running on, what type of service it is, whatever is needed to start using the service.
To head you in the right direction, what you should do is have the database server running on a specified port. Then send out a broadcast to that port from the client (the system needing to connect to the database). When the database server receives this, it will be able to respond to the sender, allowing a handshake to occur.
Of course, you will need to validate the database server's authenticity (to make it secure, unless you aren't worried about that). This can be as simple as having the client display 4 numbers which then need to be typed into the database, so that the database can send the 4 numbers back to the client proving it is the right computer (how the iTunes remote works), or you can use certificates (but that is too complex a topic for me to cover correctly).
After that the two computers will know each others IPs, and you're set!