I have different environments for my application (Dev -> Test -> Prod), and I'm using MSMQ.
I also have the name of the queues (they are remote queues) I use via config files, in the following format:
FormatName:Direct=SERVER_NAME\Private$\MY_QUEUE
My problem is that SERVER_NAME is different in the different environments, and I'd like to delegate that problem to the server (i.e., for databases I have aliases with the same name in all 3 servers, and they each point to the actual db server).
I tried adding the queue server to the hosts file, but it failed with the following error:
The queue does not exist or you do not have sufficient permissions to perform the operation.
I tried FormatName:Direct, FormatName:OS, and FormatName:TCP
Any help (workaround, new ideas, how to make that work) would be highly appreciated.
The objective is to have a single config file that would work in all environments.
We are also using a hosts file in our environment and found out (the hard way) that MSMQ does not support it.
Our solution is to use an abstraction layer (ITransport) over MSMQ, and let this layer replace host names (that might be found in a hosts file) with IP addresses. It is easily done using the Dns class.
This is just a guess, and I can't verify this at this moment, but:
The reason for the failure is that MSMQ uses Kerberos authentication, which authenticates both sides of the exchange. Your side is accessing the server with the "wrong" name, so when the server tries to authenticate with you (the client), Windows can "tell" that this is not the server you are looking for, and it fails the authentication.
There are probably ways to circumvent that, but it will compromise security. What I would suggest is to put the three names of the destination servers (dev, qa and production) in the config file, and choose between them with some parameter like domain name, user name, computer name or something else like that that is also different in your different environments.
The formatnames that you have specified are not valid. It should be:
FormatName:Direct=OS:SERVER_NAME\Private$\MY_QUEUE
or if you want to use the IP address instead:
FormatName:Direct=TCP:XXX.XXX.XXX.XXX\Private$\MY_QUEUE
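The host-name-to-IP substitution described in the answers above, sketched as an added example (not code from the original posts). QueuePathResolver, the injectable resolver and the QUEUE_ALIAS host are hypothetical names, and 192.0.2.10 is a constructed documentation address.

```csharp
using System;
using System.Linq;
using System.Net;
using System.Net.Sockets;

// Added example; QueuePathResolver and QUEUE_ALIAS are hypothetical names.
public static class QueuePathResolver
{
    private const string OsPrefix = "FormatName:Direct=OS:";

    // Rewrites FormatName:Direct=OS:HOST\Private$\QUEUE into
    // FormatName:Direct=TCP:<IPv4>\Private$\QUEUE. The resolver is injectable
    // so the rewrite can be checked without touching DNS or the hosts file.
    public static string ToTcpFormatName(string formatName,
                                         Func<string, IPAddress[]> resolve = null)
    {
        if (formatName == null) throw new ArgumentNullException(nameof(formatName));
        if (!formatName.StartsWith(OsPrefix, StringComparison.OrdinalIgnoreCase))
            return formatName; // TCP: or another format type: leave untouched

        string rest = formatName.Substring(OsPrefix.Length);
        int slash = rest.IndexOf('\\');
        if (slash <= 0)
            throw new FormatException("Expected HOST\\queue path in: " + formatName);

        string host = rest.Substring(0, slash);
        string queuePath = rest.Substring(slash); // keeps the leading backslash

        // Default resolver: the Dns class, as suggested in the answer above.
        if (resolve == null) resolve = h => Dns.GetHostAddresses(h);
        IPAddress ip = resolve(host)
            .FirstOrDefault(a => a.AddressFamily == AddressFamily.InterNetwork);
        if (ip == null)
            throw new InvalidOperationException("No IPv4 address for host '" + host + "'");

        return "FormatName:Direct=TCP:" + ip + queuePath;
    }

    public static void Main()
    {
        // Constructed sample: a fake resolver stands in for a hosts-file alias.
        Func<string, IPAddress[]> fake = h => new[] { IPAddress.Parse("192.0.2.10") };
        Console.WriteLine(ToTcpFormatName(
            @"FormatName:Direct=OS:QUEUE_ALIAS\Private$\MY_QUEUE", fake));
    }
}
```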
Okay so this is probably a very confusing title for this question I am sure. Hopefully I can clear up that title with the actual question.
I am putting together a website for employees to connect to that is internet facing but I want them to be able to log into the site using their Active Directory login as well as access data that will be behind a firewall that is not accessible to our internet facing sites. Someone made mention to me that I could have the site communicate with a server behind the firewall and have that server make the requests back and forth. (Sort of a check point)
So now that the back story to this is out there, I am not really looking for how to configure the servers or the network itself but rather how would one make an API call to an Intranet server from an Internet server? They will be on the same network but one behind the firewall and the other in front of the firewall.
Would you make the call directing to the server name or IP address or what? This may be too premature of a question to be asking since I still don't have the servers set up but nonetheless it is a concern I am having and need to figure out.
This site is going to be all done in ASP.NET MVC 4
The best way to accomplish this type of a setup is via firewall and/or domain configuration.
Most recently I have seen this implemented by first creating a one way trust relationship between the external and internal domains, this will serve to allow the external application to resolve the address of the internal server by name.
Theoretically you could also accomplish this by using port forwarding on the firewall; in this configuration the external application will use the address of the firewall and the firewall will take care of sending the request to the correct server.
Once this configuration is in place your external application should be able to communicate directly with your internal servers without any special code.
Please actually read my post before placing it on hold!!
Let me start by saying I've been searching for a solution all afternoon and so far I have seen plenty of examples for WCF but none that would do what I need.
I have developed an application in C# that will be installed on customer servers and accesses a SQL Server on the customer's local network. The application also has the ability to control network relays on the customer's local network and records the status of these in SQL. I am trying to figure out a way to have the customer's server establish a connection to our datacenter and be able to issue commands back to the customer's server (retrieve datasets from SQL, control the network relays, etc). I have found plenty of ways to have a client call classes on a server but have so far been unsuccessful in finding the reverse. One consideration was writing a web service as part of the application on the customer's server, but I need a way to establish this connection for customers with dynamic IP addresses and without having to publish through firewalls, etc.
Have you considered using
VPN - Virtual private network
or
Configuring a Port Forwarding redirect on the ADSL modem, and using a solution like www.noip.com?
If I understand correctly, you want to get information from the customer's database, which is behind a firewall and has no known static IP; in addition, there might be several hundred customers, so a dedicated VPN to the customer is not viable.
First of all: you should not contact the customer database directly. Databases are not designed for this scenario and would probably be left open to attack if exposed directly to the internet.
So you need a service on top of the database. There are two main options you can use for this service:
Polling service
The service is actually a client calling some web service on your network and asking for instructions.
Benefits: easy to implement and deploy.
Downsides: With polling there is always the cost-benefit of scalability/bandwidth use vs. speed of service. There are also some considerations in selecting the time to poll to prevent all the clients polling at the same time.
The service is a TCP server
This can be a usual web service (or RESTful service) or some other service. The only difference is that it needs to advertise itself. For that you need to have a known directory server. When the service starts it then connects to the directory service and tells it the port it can be contacted on (the directory knows the IP from the connection). It will then need to periodically contact the directory to let it know it is still alive and so any change in IP is detected.
A client on your network would now query the directory to find the address of the client and connect directly to it to issue commands.
Benefit: Scalable and bandwidth efficient.
Downside: More difficult to implement. Requires firewall traversal solutions (UPNP or firewall exceptions).
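A sketch of the polling option from the answer above, added here as an example and not part of the original post. PollingAgent and the instruction endpoint are hypothetical; the example assumes the endpoint returns an empty body when no instruction is pending, and it randomises the interval so that several hundred agents do not all poll at the same moment.

```csharp
using System;
using System.Net.Http;
using System.Threading;
using System.Threading.Tasks;

// Added example; PollingAgent and the endpoint it polls are hypothetical.
public sealed class PollingAgent
{
    private readonly HttpClient _http = new HttpClient { Timeout = TimeSpan.FromSeconds(30) };
    private readonly Random _rng = new Random();
    private readonly Uri _endpoint;
    private readonly TimeSpan _baseInterval, _maxInterval;

    public PollingAgent(Uri endpoint, TimeSpan baseInterval, TimeSpan maxInterval)
    { _endpoint = endpoint; _baseInterval = baseInterval; _maxInterval = maxInterval; }

    // Base interval, doubled per consecutive failure up to the cap, then scaled
    // by a random factor in [0.8, 1.2) so that agents do not poll in lockstep.
    public TimeSpan NextDelay(int consecutiveFailures)
    {
        double seconds = _baseInterval.TotalSeconds * Math.Pow(2, Math.Min(consecutiveFailures, 10));
        seconds = Math.Min(seconds, _maxInterval.TotalSeconds);
        return TimeSpan.FromSeconds(seconds * (0.8 + 0.4 * _rng.NextDouble()));
    }

    // Outbound-only loop: the agent asks the datacenter for instructions, so the
    // customer's firewall needs no inbound rule. Cancelling ct ends the loop.
    public async Task RunAsync(Func<string, Task> handleInstruction, CancellationToken ct)
    {
        int failures = 0;
        while (true)
        {
            try
            {
                using (HttpResponseMessage resp = await _http.GetAsync(_endpoint, ct))
                {
                    resp.EnsureSuccessStatusCode();
                    string body = await resp.Content.ReadAsStringAsync();
                    if (body.Length > 0) await handleInstruction(body);
                }
                failures = 0;
            }
            catch (HttpRequestException) { failures++; }          // network or HTTP error
            catch (TaskCanceledException) when (!ct.IsCancellationRequested) { failures++; } // timeout
            await Task.Delay(NextDelay(failures), ct);            // throws once ct is cancelled
        }
    }
}
```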
I wrote a web service and hosted it on Local IIS. I clicked Create Virtual Directory: Project URL (my local IP address is 192.168.1.102). I get an error:
Unable to create the virtual directory. Could not find the server 'http://192.168.1.102/ on the local machine. Creating a virtual directory is only supported on the local IIS server.
What do I need to do to solve this?
Unfortunately your request is quite a large request. You have a few issues you need to overcome in order to successfully accomplish your task.
The Problems:
Permissions
Ensure Site is configured correctly within IIS.
Ensure you've configured a valid Application Pool within IIS.
You see, these are going to be your largest hurdles, mostly because in order for your site to function correctly it will have to allow the Network Service account to perform functionality.
Hopefully this starts to gauge your complexity a bit.
Without code it will be difficult to see why this error has occurred. However, based on your listed IP Address that isn't your actual address. You see, your machine is connected to a Router which knows which machine made the given request.
Which means your real IP could be: 50.5.1.14 but the Router has assigned you an IP of 192.168.1.102. So you'd want to target your Wide Area Network and ensure that your local machine will accept the request when it goes through your port.
If you're actually testing this on a local machine, the most simplistic thing you could do would be to use the localhost address. This will utilize the Network Interface Card's built-in loopback address 127.0.0.1, which may alleviate your issue within your test environment.
Without more detail it will be quite difficult to correctly answer you.
I want to set up a system with a Client-Server architecture.
Problem: Sending daily log data from the client application to server. Both the client and server are on an internal network with different IP addresses.
Possible Methods...
1) Using Socket Programming
2) Sending over Active Directory (if possible)
3) Sending file from one IP address to another.
Please suggest some methods (apart from http) and how to implement the same?
NOTE: Information on client side is stored in SQLite database.
Thanks in advance.
How about something as simple as a shared network drive, and a regular file copy? If the servers are on the same network?
Yes, it's not sexy, but it does the job pretty easily.
DNS is not required to use HTTP or any other network protocol. You can use the computer's IP address in place of the domain name entry. As Jakob Jenkov said, you could just use standard File.Copy to copy the files from the client to a central server. If you want to use some sort of custom network connection for such a transfer you should look at WCF. WCF supports many different network protocols and is very reusable.
More difficult options would be using Sockets, TcpListener/TcpClient, and Remoting.
It should probably be noted that Active Directory is a directory listing service, not a network transfer protocol.
Since you consider "sending a file from one ip address to another" an option, why not set up a network share (\serverShare\mylogshare) and write a simple program that runs on the client that will copy the client log data file to the network share? Run the program as a scheduled task in whatever time frame you desire.
I have set up a WCF service on a server which lives in its own Workgroup. I've tried to make a TCP/IP connection to it from a client that lives on the corporate domain. When I try to open a connection, I get a SecurityNegotiationException with the message:
"A remote side security requirement was not fulfilled during authentication. Try increasing the ProtectionLevel and/or ImpersonationLevel." The inner exception reads: "The network logon failed"
After speaking with some coworkers about the issues and performing some Google research, I came to the conclusion that the issue is that the client is attempting to log on to the server using my corporate network login and password. Since the server is not part of the corporate network, it has no knowledge of my corporate identity and then rejects the login / connection attempt. Whether this analysis is correct or not, I have no idea.
Google results seem to suggest that perhaps the solution is that I need to impersonate a user account that exists on the server machine. I have also stumbled across this codeproject article which demonstrates user impersonation. Since the only account on the server is Administrator with no password, I tried domain as the computer's ip address as "10.0.0.11", username as "Administrator", and password as "".
http://www.codeproject.com/KB/dotnet/UserImpersonationInNET.aspx?display=Print
Unfortunately, it fails with the message:
"Logon failure: unknown user name or bad password"
Another hint to the problem: When the client and server are both machines on the corporate network, there are no connection problems at all.
How can I resolve the error and complete the connection to the server?
Even though it is not a best practice, I am completely okay with removing any security so I can keep this project moving forward.
Until you grasp the details, the best way to learn is to disable security. You have to create a new binding configuration at the server side with security mode set to "None". Name it "NoSecurity" for convenience. This configuration must have the same type (wsHttpBinding, etc.) you use at your endpoint. Then set the bindingConfiguration property of your endpoint to "NoSecurity".
Update your client configuration and you are set to go.
I know of no way to have a workgroup trust a domain, which means you have a couple of choices, as I see it:
Add another endpoint in your WCF service that uses HTTP (a web service endpoint) and use this from the domain. This gets around the security problem, as you can impersonate here, or even set up a specific user that can access goodies in your workgroup server.
Whack down security in the WCF service. I would have to think about how to do this, but it is not a good idea anyway.
Create a domain and get a trust relationship.
The code project you mentioned is not dealing with impersonation in a way that is directly useful to WCF, as the authentication happens before you can even hit this code. I imagine you can whack at the framework bits to do it, but that would be nasty. There might be a way to use the code in an HTTP endpoint, but that can already be done without incurring the overhead of adding code that circumvents Windows security.