I have a Windows Service (not a webservice) and I need to provide some security. ie. Only authorise users run methods of the service.
Is it possible to use certificates like you can do for webservices? Can anyone describe the process of how one would go about doing this?
Thanks!
Caveat : I have not done this before but it seems like one possible solution.
Create a WCF service and host it as a Windows Service.
There is a tutorial on MSDN as to how you can do that
You can use TCP / named Pipes to communicate and can configure security for either of these based on the security options options in WCF i.e.
Transport
Message
Combination of Transport and Message
TransportWithMessageCredential
TransportCredentialOnly
For details on each of the security options above and how to use them you can also check out this article
You need windows service in a scenario where you want to do some continuous processing irrespective of user logged in. Your windows service would be running/processing even if no user is logged into system. To add on to this, windows service doesn't expose bunch of methods. It only gives you events like OnStart, OnStop so that you can control your service through Services.msc. In OnStart you merely fires off your business logic and keep doing it until you stop the windows service.
Probably windows service is not the right solution for your scenario.
Related
I'm writing a windows desktop service that is supposed to download content from a file server on a weekly basis, but it requires users login information to function.
I need the service to be able to "talk back" to the simple tray application I've developed to inform it when things have happened. Things like
Is the users login info good?
Did the content start downloading?
Did the content finish downloading?
I've seen posts on WCF, but, at a glance, WCF feels to me like it's just designed to go around web services. This is going to be a desktop service, not a web service, so unless I'm mistaken in my interpretation, I do not think that WCF is going to work for me? What's my alternative? (or, if I'm mistaken about WCF, can someone point me to a simple tutorial?)
You need to use either a Socket or a NamedPipe. Typically NamedPipe is preferred because it won't trigger some restrictive firewalls that monitor loopback interface as well.
Example of Named Pipes
Write a WCF service and configure a key in the web config(which specifies the user name and password" of the WCF service. Pass the same key from the windows service and authenticate it, once authentication is success, Download the files
eg:
http://www.codeproject.com/Articles/166763/WCF-Streaming-Upload-Download-Files-Over-HTTP
I'm working on a client-server project implemented using WCF. The clients are deployed on different machines and communicate with services through the internet. I'm relatively new to WCF, and am a bit confused on choosing the appropriate binding for my Web services. The clients need to be authorized to perform operations, however, I'm implementing my own authentication algorithm and trying to avoid Windows authentication for various reasons, but I still need to make sure the message transferred in the channel is encrypted.
Right now I'm using wsHttpBinding with security mode set to Message. Full configuration looks like this:
I've set the authentication type in IIS to Anonymous Authentication to make sure the requests are passed through, and was expecting a service call to fail since MessageClientCredentialType in my binding is explicitly set to Windows. However, when I run the code, the service successfully gets called and returns the expected values. I have a feeling that I'm missing something - why is the call authorized? Can I make sure the message is still encrypted even though authentication type is set to Anonymous? Any help is appreciated.
Edit
To clarify on this, I tested the service with a client deployed to a machine outside the network on a different domain.
This MSDN article kind of sums up a lot of security issues relevant to WCF
http://msdn.microsoft.com/en-us/library/ms733836.aspx
regarding your specific situation,
the negotiateServiceCredential="true" means that you streamline certificate distribution to your clients for message encryption.
This option will only work with windows clients and has some performance problems.
read more here http://msdn.microsoft.com/en-us/library/ff647344.aspx
search the topic "streamline certificate distribution" in this page.
Which account do you use to make the call to the service? Allowing anonymous in IIS lets your request pass through to the service and service should authenticate if your caller has credentials that windows understands (Active directory/NTLM).
In your case, I think you are testing it in your own environment so service responds. Once you deploy it over internet, I doubt your service will allow anybody outside of your domain if you keep clientcredentialtype to windows.
Check these link for securing services on the Internet -
http://msdn.microsoft.com/en-us/library/ms734769.aspx
http://msdn.microsoft.com/en-us/library/ms732391.aspx
I created WCF service and faced with a problem. I need to update database periodically, but i couldn't find static method like Main, that whould do it without client interaction. What can i do??? What wold you suggest in such case?
There is no Main method (or similar entry point) in WCF. You need to host your WCF service in another process (such as a Windows service, or IIS or self host) to "activate" it and make it available to other processes.
One of the concepts in WCF is that you write your service code to do the function you need without having to worry about infrastructure and hosting. Once you have written your service logic, you can then decorate and configure your service to expose it to other processes. Using this approach means you can change how your service is exposed to other processes without re-writing the actual service logic - you essentially just change your configuration. Hence, a main entry point is specific to how you choose to host and expose your WCF service to the outside world.
Just Google around for "WCF hosting" and you will find lots of information.
If you don't need to expose your service logic to an external process (which sounds like maybe the case from your question) then maybe you don't need to use WCF and you can just write a plain old Windows Service.
If your wcf service is self hosted then you can do it in your application before publishing the service.
If it is in IIS then there really isn't application_start kind of thing since the host may be created on first request. See WCF application start event
This question is a Follow up to This
In the project I am currently working on, I have a windows service which is actually a TCP/IP server which is connected to some set of hardware.. The windows service collects data from the hardware and stores into a database and may also send some configuration commands to the hardware.. There is an asp.net website through which the user may ask the windows service for some data or even send some configuration commands for hardware through windows service..
As of now I am considering to host WCF inside the windows service and make asp.net to consume this service.. So, I want the WCF to invoke some of the procedures in my windows service when the user requests through the website.. is it possible? if it is please explain..I have searched a lot for this type of communication but all in vain.. if it is not possible suggest me some alternative approach to WCF... Please help, will be grateful.
If you make your WCF service a singleton you can create an instance to it and pass that to the ServiceHost. You can pass constructor an interface implemented in the windows service which the WCF service can use to talk to the Windows service - this interface implementation can act as a broker for the communication between the WCF service and the windows service
I have a basic windows service which does some conversions of data. There's decoupled GUI which allows user to changes some configuration and this needs to be proprogated to the Windows Serivice running. Both of them are running the same box and implemented using C# .NET. Which is the best way to communicate to the service other than interprocess communication mechanisms like mutex, events etc.
Also I'd like to avoid to implement it as a web service because it's not a webservice.
I would use a WCF Service to communicate.
You can use netNamedPipe binding but that might not work on Windows 2008/Windows 7 since the Service runs in session 0 and all user code runs in sessions >0 and they would not be able to communicate.
So I used netTcpBinding in my own project.
If the processes are not going to move to different machines, you can use memory mapped files as the communication mechanism.
If that's not the case, WCF is a good option.
Since you're dealing with configuration data for the service, I would persist it somewhere. Database, file, registry, etc. UI writes the information and the service reads it when appropriate (e.g. each run).