IIS app pool access network MSMQ c#

This is the scenario:
We have IIS set up on server A, configured with its own app pool and an ASP.NET API.
We have two configured MSMQ services, one on server A and another on server B.
We configured access to MSMQ for the default app pool on server A (IIS and MSMQ are on the same server) and the permissions work fine; only the app pool can send messages.
We tried to set up the same for MSMQ on server B (and no messages are sent from the API).
4.1 We set permissions in MSMQ on server B to all users; still no messages can be sent from the API (but we can send messages from a WinForms test app).
Has anyone faced a similar situation? Is there any specific setup for this?
BR
Geo

This sounds like the Double-Hop Problem, which prohibits forwarding of client details from your server to another machine. The issue does not occur when you have IIS and MSMQ on the same machine, since there's only one hop (user to server).
There are a lot more technical details published on this at How to use the System.DirectoryServices namespace in ASP.NET, which explains the double-hop issue, and primary and secondary tokens.

Related

Possible problems with Owin SignalR hosted in IIS 10 Express or IIS 10?

This is my first question on SO. Normally I just wander the internet reading stuff until I can make up a solution.
So up until now we use the HTTP request and response model to communicate with clients,
using C# ASP.NET, .NET Framework 4.0, hosted in IIS.
This way we are not able to forward information in real time to them from the server.
We would need to wait till the clients contact the server.
To solve this issue I think OWIN with SignalR V2 Middleware hosted in IIS would give us the ability to use Remote Procedure Calls, so whenever something happens that needs to be forwarded immediately to the Client, we can do so by calling that specific clients function or all clients.
For this of course the target Framework of the application needs to be .Net Framework 4.5 at least.
Now the problem I have is that in the Microsoft Documentation it says to use the IIS Express version, in order to enable the server to have more than 10 connections.
On the client side it would be no problem as ideally there would only be one connection at any given time.
But the server should be able to have a whole lot more than just 10, as the WebSocket connections would stay open.
I am not an IIS expert, but why are there these limitations in the non Express version?
I would expect that one should be able to set the number of maximum connections despite the IIS version?
What are the gains of using IIS instead of self-hosting OWIN?
I would guess that I would need to implement some security features myself?
On my development PC a client Windows Service with SignalR V2 is able to communicate with an OWIN SignalR V2 hosted in IIS application.
At the moment I need to evaluate what needs to be considered to set this up on a server to ensure functionality.
I hope this all makes sense.
I am implementing Remote Procedure Calls in our Webservice, for real time communication with clients.
I read documentations about RPC, SignalR V2, OWIN and Katana.

WCF self-hosted: http request forbidden for authentication scheme anonymous

Situation:
We installed a self-hosted WCF Service on a new Windows Server 2016 Machine (machine X). This service makes a call to a Tibco BW webservice on a different Windows Server 2016 machine (machine Y).
When the WCF service is run with user A (part of built-in Administrators) all requests are processed successfully. When the service is run as user B (service user) we receive the following message: "http request forbidden for authentication scheme anonymous"
Both services run under basicHttpBinding.
We were able to do the same installation on a different Windows Server 2016 environment with different users successfully.
Steps taken so far:
We compared the packages that are sent when the service is run with user A and with user B and found out that when the service is run with user B no package will reach machine Y.
We disabled the Windows Firewall on both machines but this did not change the behaviour.
We compared the rights and policies of user A and B via gpresult but could not see any difference regarding network access or http related policies.
Our Speculation
We suspect that User B is missing some kind of privilege to make http requests like User A is able to do.
Questions
Is there a group policy that governs this kind of behaviour?
What settings could prevent a User from sending these requests?
Why do we get this error message despite not using any security settings?
Thank you
We did a Wireshark analysis and found out that there was still a policy in place that required the service account to redirect all traffic over a proxy server. This proxy most likely had no idea how to handle WCF traffic and all requests resulted in the error message we observed.
Once we altered the policy to prevent the service user from using the proxy, the requests went through as expected and as observed with the other administrator users.

Send commands to another network

I am trying to write a monitoring tool to monitor some information.
It will normally run on Azure, so I am going to host the database on Azure; the web service will also be hosted on Azure.
On the clients I read from the config file how many times they need to update the information in the Azure database (with the web service on Azure).
Now I also want to send some commands to the client itself, like start service, .... What is the best way to do that?
How can I send it from a website that is hosted on the Azure platform?
I think you should consider implementing a WCF service at the client as well. The Azure side of your software could call operations from this service when it needs to instruct the client to do something.
The WCF service at the client should be something simple, hosted in a Windows Service or in your actual client (whatever it is... WinForms, console, etc).
Since you have no VPN, it sounds like you may have a problem with hosting a WCF service on the client. If the client is behind a firewall, you would have to modify the firewall configuration to allow your server to connect to this service.
Last time I had to do a service like this, I used Comet. The server maintains a queue of messages to be sent to the client. Your client connects to the web service and requests any available messages. If messages are available, the server returns them. If not, the server leaves the request open for some time. As soon as a message arrives, the server sends it down the already-open connection. The client will either periodically time out/reconnect or send a keep-alive message (perhaps once per minute) in order to keep the connection alive in the intervening firewalls.

How to allow remote connections to my .net application?

I'm writing an application with both a desktop and a mobile app component. The desktop app is being written in c#, and I'd like to be able to open it up to act as a server for the mobile app (similar to what AirVideo does). How can I accomplish this without requiring the user to configure their firewall and/or router?
Ideally, I want to self host a restful wcf service in the desktop app. I've tried this already, but the automatic configuration of the firewall doesn't allow remote connections to the wcf service, since it appears to be hosted by the system process. Is there a workaround for this behavior?
Edit: I've solved the router problem as best I can through the use of the NATUPnP COM library (http://pietschsoft.com/post/2009/02/05/NET-Framework-Communicate-through-NAT-Router-via-UPnP.aspx). I still need to know how to allow remote connections through the firewall to a self-hosted WCF service without any manual configuration of the firewall (I'm okay with the user prompt to allow connections once the app is launched).
Set a specific port in your router that is designated to route to your server address.
So if your router's real IP is a.b.c.d, you should set it up so that all communication to a.b.c.d:port# is routed to your server's local address. (a.b.c.d:port# --> serverIP)
The settings for this can be changed from your router configuration.
In a situation where you cannot tinker with the router settings/firewall settings:
This means you cannot use ports to listen for incoming connections and can only use outgoing connections. To overcome that you will have to use a 3rd server with a real IP address which will function as a listener for both sides. A typical scenario can be described as follows:
Client Side - A (Desktop)
Client Side - B (Smartphone)
Server Side - S (Communications Server)
S --> Open port for listening to incoming connections.
A --> Connect to S every x seconds to check if requests to do something are waiting.
B --> Connect to S. (issues a waiting request for A)
That way S serves as a proxy to glue both sides' communications.
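Both the Comet answer in the previous thread (the server holds the client's request open until a message arrives) and the relay-server S scheme above come down to the same thing: the client opens an outbound connection and asks the server for any waiting commands. The C# class below is an added example, not code from any of the posts; the names CometQueue, Enqueue and Poll are assumptions for illustration, and the client ids and command strings are constructed sample data.

```csharp
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;

// Added example: an in-memory Comet-style command queue kept by the server
// (S in the relay scheme). One queue per client; a client's poll blocks for up
// to `timeout` and returns as soon as a command arrives, so the client never
// needs an inbound port. Names here are assumptions, not from the posts.
public sealed class CometQueue
{
    private readonly ConcurrentDictionary<string, BlockingCollection<string>> _queues =
        new ConcurrentDictionary<string, BlockingCollection<string>>();

    private BlockingCollection<string> QueueFor(string clientId) =>
        _queues.GetOrAdd(clientId, _ => new BlockingCollection<string>());

    // Server side: the web front end (or smartphone B) queues a command for a client.
    public void Enqueue(string clientId, string command) =>
        QueueFor(clientId).Add(command);

    // Client side, called over the outbound HTTP request the client opened:
    // wait up to `timeout` for the first command, then drain whatever else is
    // already waiting so one round trip carries the whole backlog.
    // An empty list means the long poll timed out and the client should reconnect.
    public List<string> Poll(string clientId, TimeSpan timeout)
    {
        var queue = QueueFor(clientId);
        var batch = new List<string>();
        if (queue.TryTake(out var first, timeout))
        {
            batch.Add(first);
            while (queue.TryTake(out var next))
                batch.Add(next);
        }
        return batch;
    }
}

public static class Demo
{
    public static void Main()
    {
        var server = new CometQueue();
        // Constructed sample: a command is queued before the client's next poll.
        server.Enqueue("desktop-A", "start service Spooler");
        var got = server.Poll("desktop-A", TimeSpan.FromSeconds(2));
        Console.WriteLine(string.Join(", ", got));        // one command delivered
        var empty = server.Poll("desktop-A", TimeSpan.FromMilliseconds(200));
        Console.WriteLine(empty.Count);                   // timed out: client reconnects
    }
}
```

In a real deployment the poll timeout is the "leave the request open for some time" window, and the client's reconnect after an empty result doubles as the keep-alive that stops intervening firewalls from dropping the idle connection.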

WCF vs. WCF Duplex vs. Sockets

I posted about this before to a degree, but after a few days of reading I have a better understanding of WCF and would like to get a bit of feedback before I start working on it.
I basically need to develop a server/client system. The "server" application (C# .NET console app) will be run on a machine with a MySQL database, all software installation packages, and whatever else we need local to it. The "client" application (C# .NET console app) will be run on the rest of our machines, and will maintain a direct connection to the server software. Using a web front-end, our administrators will be able to install software packages to the clients, create new services, etc.
Since we own all of the machines, and have to configure them anyways, Server Push is not a problem. We don't have to worry about firewalls or any sort of NAT settings as we can just go in and open the ports required for it to operate.
What initially confused me about WCF is that I associated a "WCF Service" with a server. However, since the majority of operations are actually going to be run on the "WCF Service", this is my logic.
1) Make the "client" application actually a "WCF Service" so that the exposed functions are actually ran on the proper machines.
2) Have the "server" application actually a "WCF Client", and issue all of the instructions/commands from here, and just use the return value to update the database/etc.
Would this be the proper method to follow, or should I look into WCF Duplex (looked extremely confusing at first glance) or just start with raw sockets?
From what I gather you're trying to do, you're correct. That is, the client machines should really have a TCP/IP "server" running on them, and the central server machine would have the TCP/IP "client".
That way the TCP/IP client (The app running on your server machine) can initiate calls to each of the client machines.
Keep in mind also that a single application can be both a TCP/IP client and server. So your app that's running on the server machine could in turn also be a TCP/IP server that your admin uses to do stuff using a browser, which effectively means that service is an HTTP service.
So, it is not a client/server thing. It is a hub-and-spoke arrangement of distributed computing. I think WCF can very well be used. You have multiple servers and a coordinator (the client to all of these servers) that gets the work done from various servers and updates the database.
So WCF is well-suited for you. The benefit of WCF is the easy configurability and handling the communication part. You don't have to take much pain for the management of sockets.