Calling a WCF Service using another WCF Service over MSMQ on isolated environments

1
votes

I have a server with an Event Service that resides at our Head Office, H/O Server

I then have a Server that is hosted at an external service provider. Ext Server

Connectivity between the two machines is via VPN and both servers are on different domains.

I need an application on the Ext Server to make a call to my Event Service on the H/O Server. The Event Service is a WCF service.

I am thinking of using WCF over MSMQ to guarantee any events raised by the Ext Server application are delivered to the WCF Event Service.

My Question is how do I go about doing this:- I have my WCF Service hosted inside IIS on the H/O server, do I then setup MSMQ on the Ext Server and have my application on Ext Server reference the WCF Service as per normal, just changing the binding to point to the local queue?

If this is the case, what security issues am I in for and how would I get around them.

Thanks in advance

1
wcfmsmq

1 Answers

0
votes

If you are sending a message to a queue across domains you will need to grant send permissions on the remote queue to the local user called ANONYMOUS LOGON. This is for using Windows 2008 on the remote machine.

UPDATE

Any machines participating in the exchange of messages require MSMQ to be installed. In your service binding you identify a local queue for the service address. You create a one way operation contract to act as your message handler. This method will be called when a message is sent to this local queue.

From your sending machine you create a client binding which references the same queue (this time with a remote address). Then you can call the operation in the client code and this will result in MSMQ transmitting a message across to the remote queue.

The problem you will have is that you are going across domain, so by the time your call arrives on the remote queue the sender identity will have no meaning on that domain, so you will have to allow anyone to send messages onto the queue. You can do this by granting the Everyone local account Send permissions on the queue (you may also need Get Properties and Get Permissions).