Different services on different ports in WCF - c#

I'm in a situation where I want to use WCF to expose two different interfaces:
Internal (IPC communication)
External (Http REST)
The external interface shouldn't be able to see or use the internal interface so what I was thinking about were to host the two services on different ports e.g. (8000 for internal and 8001 for external) and then block all external communication on port 8000.
Moreover, I tried fiddling around with using named pipes for IPC communication, and I ran into an issue. If the unexpected situation occurs, that the service crashes or goes offline the client would also have to be restarted to be able to establish the communication with the service via the named pipes. Is this normal behavior and can it be avoided?
I have the following code so far:
// Service Host
var host = new ServiceHost(serviceContract, new Uri(_address));
host.Description.Behaviors.Add(new ServiceMetadataBehavior { HttpGetEnabled = true });
var behaviour = host.Description.Behaviors.Find<ServiceBehaviorAttribute>();
behaviour.InstanceContextMode = InstanceContextMode.Single;
// Local Endpoint
host.AddServiceEndpoint(typeof(ILocalServiceContract), new BasicHttpBinding(), "Local");
host.AddServiceEndpoint(ServiceMetadataBehavior.MexContractName, MetadataExchangeBindings.CreateMexHttpBinding(), "mex");
// External Endpoint
var webHttpBidning = new WebHttpBinding { TransferMode = TransferMode.Streamed };
var externalEndPoint = host.AddServiceEndpoint(typeof(IExternalServiceContract), webHttpBidning, "External");
externalEndPoint.Behaviors.Add(new WebHttpBehavior());
They are currently both hosted on the same port which I want to avoid, I'm fairly new to WCF and I could really use some guidance for best practice and what I'm doing wrong. As mentioned earlier the 'BasicHttpBinding' could maybe be replaced with a named pipe if my issue can be resolved.
Looking forward to hear to the experts and if you need any clearification feel free to ask :)

I solved the issue with the following code on server. On the clients which communicate with the server via named pipes, I used "WcfClientProxyGenerator" library to generate fault tolerant client proxies.
_namedPipeAddress = "net.pipe://localhost/";
_httpAddress = "http://localhost:8000";
var host = new ServiceHost(serviceContract, new Uri(_namedPipeAddress), new Uri(_httpAddress));
host.Description.Behaviors.Add(new ServiceMetadataBehavior { });
var behaviour = host.Description.Behaviors.Find<ServiceBehaviorAttribute>();
behaviour.InstanceContextMode = InstanceContextMode.Single;
behaviour.IncludeExceptionDetailInFaults = true;
// Local Endpoint
host.AddServiceEndpoint(typeof(ILocalServiceContract), new NetNamedPipeBinding(), "Local");
host.AddServiceEndpoint(ServiceMetadataBehavior.MexContractName, MetadataExchangeBindings.CreateMexNamedPipeBinding(), "mex");
//// External Endpoint
var webHttpBidning = new WebHttpBinding { TransferMode = TransferMode.Streamed };
var externalEndPoint = host.AddServiceEndpoint(typeof(IExternalServiceContract), webHttpBidning, new Uri(_httpAddress));
externalEndPoint.Behaviors.Add(new WebHttpBehavior());
For further improvements to this solution feel free to comment :)

Related

Multiple contracts in one service can not be discovered on Client using WCF Discovery

I want to develop a WCF service to support multiple contracts. I managed to make this work by following the instruction from this post on Stackoverflow.
So basically create one service(FooBarService) to implement multiple contracts(IFooService, IBarService).
string serviceAddress = "net.tcp://localhost:8088/FooBarService";
ServiceHost selfServiceHost = new ServiceHost(typeof(FooBarService));
// The endpoints need to share this binding.
var binding = new NetTcpBinding();
selfServiceHost.AddServiceEndpoint(typeof(IFooService), binding, serviceAddress);
selfServiceHost.AddServiceEndpoint(typeof(IBarService), binding, serviceAddress);
But the challenging thing is that I want to also make this service discoverable using WCF Discovery in order to decouple client and service from endpoint binding.
In the Service side, I did something like this:
var discoveryBehavior = new ServiceDiscoveryBehavior();
discoveryBehavior.AnnouncementEndpoints.Add(new AnnouncementEndpoint(new NetTcpBinding(SecurityMode.None), new EndpointAddress("net.tcp://localhost:8001/Announcement")));
_serviceHost.Description.Behaviors.Add(discoveryBehavior);
_serviceHost.AddServiceEndpoint(new UdpDiscoveryEndpoint());
It seems that the service can work.
But on one of client that want to only use contract IFooService, I always got the following error when I try to discover it.
Unable to discover the endpoint for contract.IFooService. Either no service exists or it does not support discovery.
Do you think if it is possible to achieve discoverable multiple contracts in one service in this case?
If YES, how can I do that based on the code i have right now?.
Thanks.
I would think it would be possible. Try doing the simplest thing first to see if that works:
string serviceAddress = "net.tcp://localhost:8088/FooBarService";
ServiceHost selfServiceHost = new ServiceHost(typeof(FooBarService));
// The endpoints need to share this binding.
var binding = new NetTcpBinding();
selfServiceHost.AddServiceEndpoint(typeof(IFooService), binding, serviceAddress);
selfServiceHost.AddServiceEndpoint(typeof(IBarService), binding, serviceAddress);
// Add ServiceDiscoveryBehavior
selfServiceHost.Description.Behaviors.Add(new ServiceDiscoveryBehavior());
// Add a UdpDiscoveryEndpoint
selfServiceHost.AddServiceEndpoint(new UdpDiscoveryEndpoint());
Client:
static EndpointAddress FindCalculatorServiceAddress()
{
// Create DiscoveryClient
DiscoveryClient discoveryClient = new DiscoveryClient(new UdpDiscoveryEndpoint());
// Find ICalculatorService endpoints
FindResponse findResponse = discoveryClient.Find(new FindCriteria(typeof(IFooService)));
if (findResponse.Endpoints.Count > 0)
{
return findResponse.Endpoints[0].Address;
}
else
{
return null;
}
}
Also make sure that you can create clients with the two different contracts and call the services manually.

WCF - Create client programmatically only from endpoint name

My WCF client can connect to several endpoints. But they all have different addresses, bindings and contracts. So my question is : How can I create my WCF client programmatically depending just of the name of my endpoint I want to connect to (which I have in my code)
If I understood your question correctly, I believe this is the answer [using IPC, can be easily converted to other communication types]
Listener:
_host = new ServiceHost(typeof(ContractClass));
_host.AddServiceEndpoint(typeof(IContract), new NetNamedPipeBinding(), new Uri("net.pipe://localhost/" + listenerEndpointName));
_host.Open();
Client:
var factory = new ChannelFactory<IContract>(new NetNamedPipeBinding(), new EndpointAddress("net.pipe://localhost/" + listenerEndpointName));
IContract proxy = factory.CreateChannel();

Locally Hosted WCF service - I don't want clients to have to authenticate

I have a self-hosted WCF service that is hosted by a desktop application.
I can successfully connect to the service locally on my PC, but I can't use the service remotely, at least without providing my windows/domain level credentials.
I use the following code to start the service in the app:
ServiceHost host = new ServiceHost(
typeof (SMService),
new Uri("net.tcp://localhost:" + SMGlobals._DEFAULTSERVICEPORT.ToString() + "/SMService"));
host.AddServiceEndpoint(
typeof(ISMService),
new NetTcpBinding(),
"");
System.ServiceModel.Channels.Binding mexBinding = MetadataExchangeBindings.CreateMexTcpBinding();
var metadataBehavior =
new ServiceMetadataBehavior();
host.Description.Behaviors.Add(metadataBehavior);
host.AddServiceEndpoint(
typeof(IMetadataExchange),
mexBinding,
"net.tcp://localhost:" + SMGlobals._DEFAULTSERVICEPORT.ToString() + "/SMService/mex");
host.Open();
SMGlobals.SMServiceHost = host;
If I create a simple client to call the service using the following code:
var client = new SMServiceClient();
var uri = "net.tcp://192.168.11.10:8760/SMService";
client.Endpoint.Address = new EndpointAddress(uri);
var initiateResponse = client.InitiateAuthentication(new InitiateAuthenticationRequest());
MessageBox.Show("Success!");
I receive the following exception:
System.ServiceModel.Security.SecurityNegotiationException: The server has rejected the client credentials. ---> System.Security.Authentication.InvalidCredentialException: The server has rejected the client credentials. ---> System.ComponentModel.Win32Exception: The logon attempt failed
Now, from other research, I have discovered that I could provide my credentials with the client call using the following code:
var client = new SMServiceClient();
var uri = "net.tcp://192.168.11.10:8760/SMService";
client.Endpoint.Address = new EndpointAddress(uri);
client.ClientCredentials.Windows.ClientCredential.Domain = "domain";
client.ClientCredentials.Windows.ClientCredential.UserName = "my_user_name";
client.ClientCredentials.Windows.ClientCredential.Password = "my_password";
var initiateResponse = client.InitiateAuthentication(new InitiateAuthenticationRequest());
MessageBox.Show("Success!");
And now, the code successfully completes.
I'm having a hard time figuring out how to remove this requirement. I've tried messing around with the binding setup on the client without success.
Can anyone point me in the right direction?
A Tcp Binding has security enabled by default, so to get what you want, you need to explicitly turn it off. Add your endpoint like this. You might also explore the MSDN help for NetTcpBinding as you might want to user an alternate constructor to also switch off reliable messaging.
host.AddServiceEndpoint(
typeof(ISMService),
new NetTcpBinding(SecurityMode.None),
"");
Set the appropriate Authentication on the Binding.
ClientAuthenticationType="None"
I had a similar issue. Worked locally between two processes but the same code failed when the two processes were put on different machines (or locally using a public URL that resolved to the local machine, e.g. mylocalmachine.corp.com). I found that I needed to explicitly set the Anonymous binding's security to 'None':
<binding name="TcpAnonymousBinding" portSharingEnabled="true" receiveTimeout="24:00:00">
<security mode="None"/>
</binding>

Connecting to SAP Web Service from C# .NET application

I've written a Windows Application to test a connection to a clients SAP web services. The web service call requires X509 certificate security.
After reading various articles on the internet I've come up with three ways to attach the X509 certificate to the web service call. Unfortunately all of these attempts return a '401 Unauthorised Access'. However, I can connect to the web service via the URL in IE.
Does anybody have any sugestions as to what I may be doing wrong? I am using WSE 3.0 and the three methods I am using to attach the certificate are as follows:-
Certificate
X509Certificate2 oCert = GetSecurityCertificate(oCertificate);
svc.ClientCertificates.Add(oCert);
Token
X509SecurityToken oToken = GetSecurityToken(oCertificate);
svc.RequestSoapContext.Security.Tokens.Add(oToken);
Policy
SAPX509Assertion sapX509Assertion = new SAPX509Assertion(oCertificate, oStoreLocation, oStoreName, oFindType);
svc.SetPolicy(sapX509Assertion.Policy());
GetSecurityToken() and GetSecuirtyCertificate both search the certificate store. The SAPX509Assertion does this:-
public SAPX509Assertion(String certSubject, StoreLocation oStoreLocation, StoreName oStoreName, X509FindType oFindType)
{
ClientX509TokenProvider = new X509TokenProvider(oStoreLocation,
oStoreName, certSubject, oFindType);
ServiceX509TokenProvider = new X509TokenProvider(oStoreLocation,
oStoreName, certSubject, oFindType);
Protection.Request.EncryptBody = false;
Protection.Response.EncryptBody = false;
}
Update
OK, I have a WCF call now in place. I couldn't use the BasicHttpBinding method shown by Eugarps as it complained that I was connecting to a https address and expected http...which made sense. The code I now have is:-
var binding = new WSHttpBinding();
binding.MaxReceivedMessageSize = int.MaxValue;
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Windows;
binding.Security.Mode = SecurityMode.Transport;
WCFConnection.CreateAbsenceWSlow.ZWSDHTM_GB_AMS_CREATEABS_lowClient client;
CreateAbsenceWSlow.ZfhhrGbbapiZgeeamsCreateabsResponse response;
CreateAbsenceWSlow.ZfhhrGbbapiZgeeamsCreateabs data;
//Assign address
var address = new EndpointAddress(sUrl);
//Create service client
client = new CreateAbsenceWSlow.ZWSDHTM_GB_AMS_CREATEABS_lowClient(binding, address);
//Assign credentials
client.ClientCredentials.UserName.UserName = sUserName;
client.ClientCredentials.UserName.Password = sPassword;
response = new CreateAbsenceWSlow.ZfhhrGbbapiZgeeamsCreateabsResponse();
data = new WCFConnection.CreateAbsenceWSlow.ZfhhrGbbapiZgeeamsCreateabs();
response = client.ZfhhrGbbapiZgeeamsCreateabs(data);
It's still failing to connect to the SAP web service. The error I am receiving is "The HTTP request is unauthorized with client authentication scheme 'Negotiate'". I've also tried using
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Basic;
which returned a similar error.
Does anybody have any further suggestions or ideas of where I am going wrong?
Now, this is all coming from my own experience so some of it may be wrong, but here's how I understand the process (I received no documentation and my company had no experience in calling SAP before I began doing it).
SAP WS calls are only supported by WCF BasicHttpBinding, and as far as I can tell, only using plain-text credentials. This means you will want to use IPSec or HTTPS if you need to make your communication private (outside intranet, or sensitive data within intranet). Our SAP server does not have HTTPS configured, but we use VPN with IPSec for external communication. Important to note is that, by default, SAP GUI also does not make communication private. In this situation, you are being no less secure by using the method detailed below than the business user down the hall who is looking up sensitive data in GUI 7.1. Here's how I connect to our SAP server internally:
//Create binding
//Note, this is not secure but it's not up to us to decide. This should only ever be run within
//the VPN or Intranet where IPSec is active. If SAP is ever directly from outside the network,
//credentials and messages will not be private.
var binding = new BasicHttpBinding();
binding.MaxReceivedMessageSize = int.MaxValue;
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Basic;
binding.Security.Mode = BasicHttpSecurityMode.TransportCredentialOnly;
//Assign address
var address = new EndpointAddress(Host);
//Create service client
var client = new SAP_RFC_READ_TABLE.RFC_READ_TABLEPortTypeClient(binding, address);
//Assign credentials
client.ClientCredentials.UserName.UserName = User;
client.ClientCredentials.UserName.Password = Password;
As far as I have been able to determine, message-level security is not supported, and bindings other than basicHttpBinding (SOAP 1.1) are not supported.
As I said, this is all from experience and not from training, so if anybody can add something through comments, please do so.
I've faced the same problem and it seems I've found the sollution here: http://ddkonline.blogspot.com/2009/08/calling-sap-pi-web-service-using-wcf.html.
CustomBinding binding = new CustomBinding();
binding.Elements.Add(new TextMessageEncodingBindingElement(MessageVersion.Soap11, Encoding.UTF8));
HttpsTransportBindingElement transport = new HttpsTransportBindingElement();
transport.AuthenticationScheme = AuthenticationSchemes.Basic;
//transport.ProxyAuthenticationScheme = AuthenticationSchemes.Basic;
transport.Realm = "XISOAPApps";
binding.Elements.Add(transport);
var address = new EndpointAddress("https://foooo");
........ create client proxy class
service.ClientCredentials.UserName.UserName = "<login>";
service.ClientCredentials.UserName.Password = "<password>";
Unfortunatelly I'm not able to use WCF in my application, I have to stick with .NET 2.0 and WSE 3.0, and I wounder if anybody was able to find sollution to that?
After all this time, the client has finally obtained someone to deal with the issue from their SAP end of things. Turns out the WSDL files we were supplied were incorrect and the certification had been done wrong. I reran my code with the new WSDL files and it worked first time.
Does your certificate happen to be mapped to a valid user in your user store?

Using a C# Service Reference SOAP Client with different Endpoint URIs

I have a SOAP Webservice that is available on multiple servers, thus having multiple endpoints. I want to avoid adding multiple Service References (C# SOAP Port Clients) with different names just to talk to this services, since the API is exactly the same.
Is there a way to configure the Endpoint URI at runtime?
I use the following which works great:
ServiceReference1.wsSoapClient ws= new ServiceReference1.wsSoapClient();
ws.Endpoint.Address = new System.ServiceModel.EndpointAddress("http://xxx/myservice.asmx");
I had trouble finding this one also. I finally just borrowed the configuration binding and did this:
private static wsXXXX.IwsXXXXClient wsXXXXClientByServer(string sServer)
{
// strangely, these two are equivalent
WSHttpBinding binding = new WSHttpBinding("WSHttpBinding_IwsXXXX");
// WSHttpBinding binding = new WSHttpBinding(SecurityMode.Message, false);
EndpointAddress remoteAddress = new EndpointAddress(new Uri(string.Format("http://{0}:8732/wsXXXX/", sServer)), new UpnEndpointIdentity("PagingService#rl.gov"));
return new wsXXXX.IwsXXXXClient(binding, remoteAddress);
}

Categories

Resources