Internet Server in front of Firewall communicating to server behind firewall C#

Okay so this is probably a very confusing title for this question I am sure. Hopefully I can clear up that title with the actual question.
I am putting together a website for employees to connect to that is internet facing but I want them to be able to log into the site using their Active Directory login as well as access data that will be behind a firewall that is not accessible to our internet facing sites. Someone made mention to me that I could have the site communicate with a server behind the firewall and have that server make the requests back and forth. (Sort of a check point)
So now that the back story to this is out there, I am not really looking for how to configure the servers or the network itself but rather how would one make an API call to an Intranet server from an Internet server? They will be on the same network but one behind the firewall and the other in front of the firewall.
Would you make the call directing to the server name or IP address or what? This may be too premature of a question to be asking since I still don't have the servers set up, but nonetheless it is a concern I am having and need to figure out.
This site is going to be all done in ASP.NET MVC 4

The best way to accomplish this type of a setup is via firewall and/or domain configuration.
Most recently I have seen this implemented by first creating a one-way trust relationship between the external and internal domains; this will serve to allow the external application to resolve the address of the internal server by name.
Theoretically you could also accomplish this by using port forwarding on the firewall; in this configuration the external application will use the address of the firewall and the firewall will take care of sending the request to the correct server.
Once this configuration is in place your external application should be able to communicate directly with your internal servers without any special code.

Related

c# Webservice on localhost

I'm a bit out of my depth and haven't found the answer I need from Google, so could do with some advice.
I have a website that currently has some functionality built in.
I now find myself needing to create a second website containing the same functionality.
In order to do this the proper way, I want to create a webservice and access it from both sites. I've created a new solution and the webservice so far.
On my development machine, I can browse to the webservice.
The question is: when I move this webservice to the live server, will it need its own IP address, domain, or both? Or can it reside on the local server and be accessed in the same way as I would on my development machine?
The webservice does not need to be accessed from outside the server.
I'm a little unclear and it's not easy to test in a live environment.
All help appreciated.
A web service works in exactly the same way as a website, only instead of returning HTML, it returns JSON/XML or similar. You'll need to host it on a web server, but if you only need it to be locally accessible, you can set the web server up to bind to localhost (127.0.0.1 in IPv4) either on the default port (80) if nothing is already using it or on a different port (e.g. 12380, where it would be addressed as http://localhost:12380).
Most web servers can bind to anything that comes in on a specific IP address that isn't otherwise allocated or they can recognise which site to serve based on the host name that has been requested. N.B. the host name isn't sent automatically by (TCP/)IP - the browser, or in this case the web service client, will send an HTTP request header to let the server know which site to serve.
If you have sufficient control over the server, you can also create an entry in the hosts file to use in place of a domain name (e.g. webservice maps to 127.0.0.1) and then set up your web server to bind to that.

Two-way Communication between Server and Clients

Situation: We have a web application running on a server. This application needs to fetch data from some other PCs (clients), which are on a different network.
On the clients' PCs there are WCF services hosted in Windows Services, using their local SQL database. I want to set up duplex communication between the server and the clients so they can share data with each other.
Sharing data means sharing data tables, data sets, strings, etc. between the clients and the server.
Problem:
1) I have no control over the firewall, proxy, or NAT on the client-side PCs. Company employee PCs mostly have a lot of network security, e.g. the firewall blocks ICMP traffic and some ports too, some routers might have port forwarding disabled, etc., and a client can change its network location.
I don't want to change any settings on the client-side router, proxy, or firewall, though.
During communication, how can I handle that kind of client-side issue?
As you know, Skype works perfectly in that situation.
Firewalls very often block inbound connections to clients; the client may not be reachable from the server, it may be using NAT behind a router and so cannot be contacted without port forwarding being set up on the router, and some new routers have port forwarding disabled.
2) On the client side there is no IIS.
I don't want to allow remote access on the clients' PCs.
There are more than 100 clients and only one server. One server needs to communicate with many clients on different networks.
3) On one side, my client application is a Windows application with WCF hosted in a Windows service; on the other side, on my server, I'm using a web application. So this means the communication is between a desktop PC and a web PC, and that's the issue.
If both were using a web application, then duplex communication would not be an issue, because I know WebRTC fits there lol.
Technologies which I have already tested and found issues with:
WSDualHttpBinding: Does not work if the client is behind NAT. Check this for details: click here
MSMQ: It's a bad technique if there is more than one client, and there is a performance issue too because it uses RAM. Check here: click here
Xsocket: It also does not work if ICMP traffic is blocked by the firewall on the client. Check here: click
WebRTC: It works fine, but it supports web-to-web communication, and on my client side I have a Windows app.
Socket.io: It needs node.js and many other things to be set up, and it is hard to implement because I need to implement it in an existing application; I am not making a new application.
C# socket program: It wouldn't work if the client is behind NAT. Check here: click for details
Service Bus relay: It's not free, even for testing.
socketPro: I studied it and found it good, but I can't find any proper sample on Google so that I could test it.
Genuine Channels: I can't find any sample on Google.
Let's look at the SignalR issue: On the server side I run a console application, and on the client side I run two applications, one console and the other web. When I ran the console client application, it did not initiate a connection with the server, but when I used the web client application, it worked fine.
Sample link is here: SignalR two way communication
I can't understand why that is.
Please tell me what is the best, most secure and fast way to handle this situation. What approach should I use?
SignalR seems to fit for this solution, because it's flexible.
It negotiates the fastest available channel of communication and that is what you are looking for.
You should investigate the problem with it and signalR will eventually work.
I'm using SignalR extensively to communicate between the servers (C#), between server and mobile apps (C#, Xamarin, iOS, Android). The servers are at different locations and the mobile apps can be anywhere. It all works very reliably.
Take a look at: http://www.asp.net/signalr/overview/deployment/tutorial-signalr-self-host and here http://www.asp.net/signalr/overview/guide-to-the-api/hubs-api-guide-net-client
I've been working in my spare time with sockets (admittedly in C++, not C#, but there shouldn't be a difference), and I've never had an issue connecting to clients behind a firewall/router, even without port forwarding.
Routers and firewalls generally don't like server-like programs, eg. programs that bind the socket to a port number. Does your client do anything related to binding? Because it shouldn't.
Needless to say, I would suggest a socket program. The way I see it, it's the most flexible way.

Access data on client from server

Please actually read my post before placing it on hold!!
Let me start by saying I've been searching for a solution all afternoon and so far I have seen plenty of examples for WCF but none that would do what I need.
I have developed an application in c# that will be installed on customer servers and accesses a sql server on the customer's local network. The application also has the ability to control network relays on the customer's local network and records the status of these in sql. I am trying to figure out a way to have the customer's server establish a connection to our datacenter and be able to issue commands back to the customer's server (retrieve datasets from sql, control the network relays, etc). I have found plenty of ways to have a client call classes on a server but have so far been unsuccessful in finding the reverse. One consideration was writing a web service as part of the application on the customer's server but need a way to establish this connection for customers with dynamic IP addresses and without having to publish through firewalls, etc.
Have you considered using
VPN - Virtual private network
or
Configuring a Port Forwarding redirect on the ADSL modem, and using a solution like www.noip.com ?
If I understand correctly, you want to get information from the customer's database, which is behind a firewall and has no known static IP. In addition, there might be several hundred customers, so a dedicated VPN to the customer is not viable.
First of all: you should not contact the customer database directly. Databases are not designed for this scenario and would probably be left open to attack if exposed directly to the internet.
So you need a service on top of the database. There are two main options you can use for this service:
Polling service
The service is actually a client calling some web service on your network and asking for instructions.
Benefits: easy to implement and deploy.
Downsides: With polling there is always the cost-benefit of scalability/bandwidth use vs. speed of service. There are also some considerations in selecting the time to poll to prevent all the clients polling at the same time.
The service is a tcp-server
This can be a usual web service (or RESTful service) or some other service. The only difference is that it needs to advertise itself. For that you need to have a known directory server. When the service starts it then connects to the directory service and tells it the port it can be contacted on (the directory knows the IP from the connection). It will then need to periodically contact the directory to let it know it is still alive and so any change in IP is detected.
A client on your network would now query the directory to find the address of the client and connect directly to it to issue commands.
Benefit: Scalable and bandwidth efficient.
Downside: More difficult to implement. Requires firewall traversal solutions (UPNP or firewall exceptions).
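A sketch of the polling option from the answer above, added here as an illustration and not code from any of the posters. The agent on the customer's server only makes outbound calls, spreads its polls with jitter so that many customers do not hit the datacenter at the same moment, and runs only allowlisted operations; the command names, the `fetch` delegate standing in for the HTTPS call, and the sample queue are all assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
static class PollingAgent
{
    static readonly Random Rng = new Random();
    // Hypothetical allowlist: the only operations the datacenter may request.
    static readonly Dictionary<string, Func<string, string>> Allowed =
        new Dictionary<string, Func<string, string>>
        {
            ["relay.status"] = arg => "relay " + arg + ": closed", // stub for the relay read
            ["report.daily"] = arg => "rows for " + arg,           // stub for one fixed query
        };

    // Base interval +/-20% so agents do not poll in lockstep; doubles per failure, capped at 16x.
    public static TimeSpan NextDelay(TimeSpan baseInterval, int failures)
    {
        double backoff = Math.Pow(2, Math.Min(failures, 4));
        double jitter = 0.8 + Rng.NextDouble() * 0.4;
        return TimeSpan.FromMilliseconds(baseInterval.TotalMilliseconds * backoff * jitter);
    }

    // Instructions are "name argument"; unknown names are refused rather than interpreted.
    public static string Execute(string command)
    {
        string[] parts = command.Split(new[] { ' ' }, 2);
        Func<string, string> handler;
        if (!Allowed.TryGetValue(parts[0], out handler)) return "rejected: " + parts[0];
        return handler(parts.Length > 1 ? parts[1] : "");
    }

    // fetch stands in for the outbound HTTPS call; a null result means "no work".
    public static async Task RunAsync(Func<Task<string>> fetch, TimeSpan baseInterval, int rounds)
    {
        for (int i = 0, failures = 0; i < rounds; i++)
        {
            try { string cmd = await fetch(); failures = 0; if (cmd != null) Console.WriteLine(Execute(cmd)); }
            catch (Exception ex) { failures++; Console.WriteLine("poll failed: " + ex.Message); }
            await Task.Delay(NextDelay(baseInterval, failures));
        }
    }

    static void Main()
    {
        // Constructed instruction queue in place of the real web service.
        var queue = new Queue<string>(new[] { "relay.status 3", "sql.raw SELECT 1", null });
        RunAsync(() => Task.FromResult(queue.Dequeue()), TimeSpan.FromMilliseconds(50), 3).Wait();
    }
}
```

Because the allowlist maps names to fixed handlers, the datacenter can ask for a relay status or a predefined report but cannot send arbitrary SQL through the channel.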

How do I make my ASP.Net website viewable in my private home network using IIS 6.0?

I want to know how I can make website available in my private home network? I know I am supposed to make my IP address static but I still do not know the complete steps to accomplish what I want to do. Is this even possible? If it is can someone please explain to me what I have to do?
A lot of ISPs won't allow you to receive requests on port 80. However, you can test this by trying...
-Install IIS - when you go to http://localhost, you should see an IIS start page.
-If you have a router/switch, you'll need to access the admin interface on it. This is usually default 192.168.1.1, but varies by manufacturer. You'll also need to get the local IP address of your IIS server. Go to run, hit CMD, and type IPCONFIG.
-Inside the admin interface, you'll have port forwarding. Forward port 80 to the IP address of your IIS server. Save.
-Now, get your actual IP address by going to a site like whatsmyip.com.
That should do it. Ask a friend or a family member to browse to your IP address. If they see your site, your ISP allows you to host. If they don't see it, your ISP has it blocked.
Having said that, you should check out serverfault.com - this question is more suited for that site.
This is pretty easy but you need to read up on some security before making anything live.
Static IP addresses cost more money than dynamic ones so I suggest signing up to http://www.no-ip.com/. It requires installing a program which updates a domain with your IP address every time it changes.
You will also need to use port forwarding on your router so it knows to send all HTTP requests to your PC. HTTP data is normally passed through port 80 or 8080.
Hope this helps.
Check this out: http://msdn.microsoft.com/en-US/library/1y1404zt(v=VS.90).aspx

How to establish 2-way communication between a web server and a site server?

I am planning a SaaS system, to be written in C#, ASP.NET using WCF that has two separate components:
On a static IP web server in the cloud will be a web app, common to all clients.
Inside each client's office will be another app, installed on a server with IIS.
The site app will obviously be able to connect to the web services published on the web site. But here's the rub - I also want the web app to be able to initiate a connection to the site app... and the on-site server may not necessarily have a static IP. I can't control this, because we may have hundreds of clients at some point in the future, and we cannot limit our saleability by insisting that the customer has a server with fixed IP.
So, how to do this?
I could have the site apps "checking in" with the web every minute or so, to give the web app the possibility of responding with a "while you're here, please do x,y,z..." but that seems very inelegant. Also, if we're talking about hundreds of clients, I don't want to be bombarding my web server with all these "hi there!" messages if they're not actually required.
Is there a better way?
WCF? Here we go:
Use a message based approach (exchange message, no stateful method calls).
Clients connect to the server. Establish a HTTP-based TWO WAY CONNECTION. This way the server can call back to connected clients. This is standard WCF stuff and works well through NAT with version 4 of the .NET framework.
Voila. In case of a disconnect the client can re-connect, re-identify himself and gets the pending messages.
IIRC "push communication" is done by letting the client do an HTTP request with an indefinite timeout. Then the server responds when it has something to say. After the response the client immediately makes a new request.
It works out the same way as if the server were making the connection, and it takes far fewer resources than polling.
Dynamic DNS is one possibility, but depends on your clients/customers.
If the site app is created by you, it only has to contact the web server when its address has changed (or when the site server/web app is restarted). Still, a keep-alive heart beat of, say, every 30 min. to 1 hour isn't a bad idea.
Edit: I think SNMP services may provide the answer but I'm not a networking expert. You'll have to do some digging or ask a separate question on stackoverflow.
What would you say about Comet technology?
Sounds like you'll definitely need some sort of registry on the server, then it could attempt to call out to the client apps if it needs work doing.
Generally it is client apps that check in with the server every X seconds - this is how Selenium grid works anyway. With a central hub with which clients register. When the hub receives a request to run some tests it passes the jobs out to the clients to perform.
You may not need the "checking in". The server could just attempt to call out to a registered client app until it finds one that is available. This way only the server would need a static address (could use a DNS name instead of an IP to make it more robust).
Also have a look at XMPP PubSub. This could be a more robust and standardised way to handle this.
In the end I decided to go with NetTcpBinding, for reasons best given by #Allon Guralnek here. It's worth clicking through and reading what he has to say...
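The long-polling idea raised in the answers above (the site holds an HTTP request open and the server answers when it has something to say, with pending messages delivered after a reconnect) comes down to a per-site mailbox on the server. The following is an added sketch, not code from the thread; the class names, the site id and the messages are constructed, and the HTTP handler that would await `WaitAsync` is left out.

```csharp
using System;
using System.Collections.Concurrent;
using System.Threading;
using System.Threading.Tasks;

// One mailbox per site; the HTTP handler for the site's long poll awaits WaitAsync.
sealed class Mailbox
{
    readonly ConcurrentQueue<string> _pending = new ConcurrentQueue<string>();
    readonly SemaphoreSlim _signal = new SemaphoreSlim(0); // count == queued messages

    // Called by the web app when it has work for this site.
    public void Post(string message) { _pending.Enqueue(message); _signal.Release(); }

    // Completes as soon as a message is queued; returns null after maxWait so the
    // request ends cleanly and the site immediately issues the next one.
    public async Task<string> WaitAsync(TimeSpan maxWait)
    {
        if (!await _signal.WaitAsync(maxWait)) return null;
        string msg;
        _pending.TryDequeue(out msg);
        return msg;
    }
}

static class LongPollDemo
{
    // Key must be the site's authenticated identity, never an id taken from the request.
    static readonly ConcurrentDictionary<string, Mailbox> Sites =
        new ConcurrentDictionary<string, Mailbox>();

    static Mailbox For(string siteId) { return Sites.GetOrAdd(siteId, _ => new Mailbox()); }

    static void Main() { RunAsync().Wait(); }

    static async Task RunAsync()
    {
        // Queued while the site was disconnected: delivered on its next poll.
        For("site-42").Post("sync-config");
        Console.WriteLine(await For("site-42").WaitAsync(TimeSpan.FromSeconds(1)));

        // Site is already waiting; the server "pushes" over the held request.
        Task<string> poll = For("site-42").WaitAsync(TimeSpan.FromSeconds(5));
        await Task.Delay(100);
        For("site-42").Post("run-report");
        Console.WriteLine(await poll);

        // Nothing queued: the wait times out and the site would poll again.
        Console.WriteLine(await For("site-42").WaitAsync(TimeSpan.FromMilliseconds(200)) ?? "(timeout)");
    }
}
```

Only the cloud server accepts connections in this arrangement, so the on-site server needs neither a static IP nor an inbound firewall rule.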
