I have an existing c# service running on a Windows client or server. To handle these I have added a simple http based management code, in order to install, remove, start and stop child processes (as services) remotely.
It works, however this management access needs some sort of authentication, else anyone knowing the system can screw it up pretty badly. As it is C#, I was thinking of using NTLM, hoping it was a built in set of libraries in the C#/.NET framework.
I can find plenty of examples on how to connect to an NTLM authenticated page/site, but not how to implement this myself on the server side.
Personally I would use WCF with a net.tcp binding to expose a management API from a Windows Service to Windows clients. net.tcp uses Windows authentication and encrypts the message out of the box.
Related
this is my first questions on SO. Normaly I just wander the internet reading stuff until I can make up a solution.
So up until now we use HTTP Request and Response Model to communicate with Clients.
Using C# ASP.Net .Net Framework 4.0 hosted in IIS.
This way we are not able to forward information in real time to them from the server.
We would need to wait till the clients contact the server.
To solve this issue I think OWIN with SignalR V2 Middleware hosted in IIS would give us the ability to use Remote Procedure Calls, so whenever something happens that needs to be forwarded immediately to the Client, we can do so by calling that specific clients function or all clients.
For this of course the target Framework of the application needs to be .Net Framework 4.5 at least.
Now the problem I have is that in the Microsoft Documentation it says to use the IIS Express version, in order to enable the server to have more than 10 connections.
On the client side it would be no problem as ideally there would only be one connection at any given time.
But the Server should be able to have a whole lot more than just 10. As the Websocketconnections would stay open.
I am not an IIS expert, but why are there these limitations in the non Express version?
I would expect that one should be able to set the number of maximum connections despite the IIS version?
What are the gains of using IIS instead of self-hosting OWIN?
I would guess that I would need to implement some security features myself?
On my development PC a client Windows Service with SignalR V2 is able to communicate with an OWIN SignalR V2 hosted in IIS application.
At the moment I need to evaluate what needs to be considered to set this up on a server to ensure functionality.
I hope this all makes sense.
I am implementing Remote Procedure Calls in our Webservice, for real time communication with clients.
I read documentations about RPC, SignalR V2, OWIN and Katana.
At the moment I need to evaluate what needs to be considered to set this up on a server to ensure functionality.
I need to host ASP.NET based app as Azure Web App which should communicate with WCF based Azure Web App. ( WCF app is also an azure Web App not an on-premise app at all).
What are possible ways to achieve easy and flexible communication between both app services?
Do we need to establish a communication channel specifically?
Both Apps under IIS On-Premises are used to communicate without any problem over NET TCP protocol. But I think now we need both services to communicate over HTTP instead of Net TCP?
What problems we may have?
What things do we need to bear in mind?
First of all, we need to be clear that azure webapp only supports ports 80 and 443.
Secondly, in your project, you said that it runs normally in local, because I don't know what you mean by communicate, and I don't know how to achieve it. Normal communication may be socket or websocket, etc. It is not clear what communication you are talking about. If it is socket and you need to use a port other than 443/80, then it is not supported.
But I know clearly that azure web app supports wcf, which means that both of your webapps can be deployed successfully and run normally. If there is a problem, you can update the error details in the post, and we can provide you with further assistance.
I'm working with a SignalR server application that is available via the Internet. It implements a regular authentication based on credentials. I'm now working on another service that I'd like to hook up to this server with access to a different set of functions as opposed to my regular users. I could create a special internal user with a different role and hardcode it (its login and password) in my internal app as by definition the binary wouldn't even be available anywhere, but for some reason it seems fishy to me.
I've also thought about creating a secondary SignalR server that would listen on a different port but only internally in my VPN, behind a firewall (the service will be hosted with Amazon VPC). The issue with that solution is the obvious need to create a second server application.
What should I do? How do you handle internal APIs and their authentication?
Use ASP.NET Identity
Details see:
https://www.asp.net/identity
How to use with signalr:
https://learn.microsoft.com/en-us/aspnet/signalr/overview/security/hub-authorization
I am trying to create a chat application in WCF.
I've created the client and the service on a localhost using httpBinding,
this is the service endpoint:
http://localhost:9999/ProductService
Now, I really don't know how to make the program run 'globaly' and not on a localhost.
Is there anyway to host the server on my pc? or run the application serverless using p2p communications?
Thanks anyway for your Time
You can set up at publicly accessible web server on your own computer, but it's definitely not recommended for any production purposes, unless you have a good understanding of this and have a internet-connection that allows for it, both technically and legally.
You should probably get external web hosting for this instead.
But if you really want to do this, you can install IIS to host the service.
As a side note, I don't think WCF is the optimal route to take for this anymore. Maybee you should check out SignalR and/or WebSockets instead. And ASP.NET Core WebAPI. It's not really anything wrong with WCF, but for new projects I wouldn't recommend it.
I'm working on a client-server project implemented using WCF. The clients are deployed on different machines and communicate with services through the internet. I'm relatively new to WCF, and am a bit confused on choosing the appropriate binding for my Web services. The clients need to be authorized to perform operations, however, I'm implementing my own authentication algorithm and trying to avoid Windows authentication for various reasons, but I still need to make sure the message transferred in the channel is encrypted.
Right now I'm using wsHttpBinding with security mode set to Message. Full configuration looks like this:
I've set the authentication type in IIS to Anonymous Authentication to make sure the requests are passed through, and was expecting a service call to fail since MessageClientCredentialType in my binding is explicitly set to Windows. However, when I run the code, the service successfully gets called and returns the expected values. I have a feeling that I'm missing something - why is the call authorized? Can I make sure the message is still encrypted even though authentication type is set to Anonymous? Any help is appreciated.
Edit
To clarify on this, I tested the service with a client deployed to a machine outside the network on a different domain.
This MSDN article kind of sums up a lot of security issues relevant to WCF
http://msdn.microsoft.com/en-us/library/ms733836.aspx
regarding your specific situation,
the negotiateServiceCredential="true" means that you streamline certificate distribution to your clients for message encryption.
This option will only work with windows clients and has some performance problems.
read more here http://msdn.microsoft.com/en-us/library/ff647344.aspx
search the topic "streamline certificate distribution" in this page.
Which account do you use to make the call to the service? Allowing anonymous in IIS lets your request pass through to the service and service should authenticate if your caller has credentials that windows understands (Active directory/NTLM).
In your case, I think you are testing it in your own environment so service responds. Once you deploy it over internet, I doubt your service will allow anybody outside of your domain if you keep clientcredentialtype to windows.
Check these link for securing services on the Internet -
http://msdn.microsoft.com/en-us/library/ms734769.aspx
http://msdn.microsoft.com/en-us/library/ms732391.aspx