1 vote

I need to create a self-hosted WCF service. I need secure duplex connection between client and server through Internet.

I read some documents on WCF and found that netTcpBinding is suitable for intranet applications, because SSL is only point-to-point. If it is an internet application, the connection must not be point-to-point, am I correct? So SSL as transport security with netTcpBinding is not suitable?

So what combination should I use to create a secure duplex internet application? Thank you very much.


I have tried http://www.codeproject.com/KB/WCF/WCFWPFChat.aspx. This tutorial uses netTcpBinding and the endpoint localhost.

I changed the endpoint localhost to a name-based URL, forwarded a port on my router to my development PC, and opened the same port in Windows Firewall.

The client programs can chat with each other from different machines, BUT the callback connection is lost after one minute.

I also tried changing the binding to wsDualHttpBinding; the client programs can chat with each other on the same machine and keep the callback connection according to the reliableSession inactivityTimeout setting. However, a client program on another machine cannot join the server; if I turn off Windows Firewall on that machine, the client program can connect.

It seems that the TCP binding lets the client program connect to the server with Windows Firewall turned on, but the callback connection is lost,

and wsDualHttpBinding can keep the callback connections, but cannot connect to the server if Windows Firewall is on.

Is there a way to keep the netTcpBinding callback connection, as in wsDualHttpBinding?


2 Answers

4 votes

It sounds like you have two issues- duplex connection and security.

If you truly need a duplex connection (e.g., server-initiated callbacks), neither of these will work very well over the internet unless you have very fine control over the firewalls on both ends (the client still has to expose a publicly accessible HTTP endpoint for the server to call back). The best way would be to use the new relay services with .NET 4.0: this allows for a mimicked server-initiated connection through firewalls.

EDIT: this is now called AppFabric, and is part of the Windows Azure infrastructure.

On the security front, you can always use message security over the service bus, but I don't see a reason why transport security would be a problem either.

0 votes

To answer user248724,

"The client programs can chat with each other from different machines, BUT the callback connection is lost after one minute."

You need to have either the client or the server ping the other at least every minute to keep the connection socket alive.
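The keep-alive described in the answer above, written out as an added example; it is not code from the linked CodeProject tutorial or from either answer. It assumes a hypothetical duplex chat contract (IChatService with a no-op Ping operation, IChatCallback for server-to-client messages), a service reachable at net.tcp://&lt;host&gt;:&lt;port&gt;/chat, a server certificate whose DNS name the client is told, and a client certificate with subject "chat-client" installed in the CurrentUser\My store. The client pings every 30 seconds, half the one-minute window at which the question's callback channel was being dropped, and stops pinging and raises ConnectionLost when the channel faults so the caller can reconnect instead of pinging a dead proxy. On the security side, netTcpBinding with SecurityMode.Transport wraps the stream in SSL/TLS between the two TCP endpoints; with a single port-forwarded hop there is no intermediary, so that hop-by-hop protection covers the whole path. SecurityMode.Message is the option to reach for only when the message must stay protected across intermediaries.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.Threading;

// Hypothetical duplex chat contract (assumed for this example, not the tutorial's).
// Ping() exists only to keep the TCP session and any NAT/firewall state alive.
[ServiceContract(CallbackContract = typeof(IChatCallback), SessionMode = SessionMode.Required)]
public interface IChatService
{
    [OperationContract] void Join(string user);
    [OperationContract] void Say(string text);
    [OperationContract] void Ping();
}

public interface IChatCallback
{
    [OperationContract(IsOneWay = true)] void Receive(string user, string text);
}

[CallbackBehavior(ConcurrencyMode = ConcurrencyMode.Reentrant, UseSynchronizationContext = false)]
public sealed class ChatClient : IChatCallback, IDisposable
{
    private readonly DuplexChannelFactory<IChatService> _factory;
    private readonly IChatService _proxy;
    private readonly Timer _keepAlive;

    public event Action<string, string> MessageReceived;
    public event Action ConnectionLost;

    public ChatClient(string serverHost, int port, string serverCertDnsName)
    {
        // Transport security: the net.tcp stream is carried over SSL/TLS. The server
        // authenticates with its certificate; the client presents its own certificate.
        var binding = new NetTcpBinding(SecurityMode.Transport);
        binding.Security.Transport.ClientCredentialType = TcpClientCredentialType.Certificate;
        // Assumed value: WCF itself will tolerate this much idle time on the session;
        // the periodic ping keeps the network path open long before it is reached.
        binding.ReceiveTimeout = TimeSpan.FromMinutes(20);

        var address = new EndpointAddress(
            new Uri($"net.tcp://{serverHost}:{port}/chat"),
            EndpointIdentity.CreateDnsIdentity(serverCertDnsName)); // must match the server cert

        _factory = new DuplexChannelFactory<IChatService>(new InstanceContext(this), binding, address);
        // Assumed: a client certificate with subject "chat-client" is installed in CurrentUser\My.
        _factory.Credentials.ClientCertificate.SetCertificate(
            StoreLocation.CurrentUser, StoreName.My, X509FindType.FindBySubjectName, "chat-client");
        _proxy = _factory.CreateChannel();

        // Ping every 30 s, well inside the one-minute idle window at which the
        // callback channel in the question was being dropped.
        _keepAlive = new Timer(_ => SafePing(), null,
            TimeSpan.FromSeconds(30), TimeSpan.FromSeconds(30));
    }

    public void Join(string user) => _proxy.Join(user);
    public void Say(string text) => _proxy.Say(text);

    // IChatCallback: the server invokes this over the same TCP session the client opened,
    // which is why nothing has to be forwarded to the client's side of the NAT.
    public void Receive(string user, string text) => MessageReceived?.Invoke(user, text);

    private void SafePing()
    {
        try
        {
            _proxy.Ping();
        }
        catch (Exception ex) when (ex is CommunicationException || ex is TimeoutException)
        {
            // Channel faulted or peer gone: stop pinging and let the owner reconnect.
            _keepAlive.Change(Timeout.Infinite, Timeout.Infinite);
            ConnectionLost?.Invoke();
        }
    }

    public void Dispose()
    {
        _keepAlive.Dispose();
        var channel = (ICommunicationObject)_proxy;
        try { channel.Close(); }
        catch (Exception ex) when (ex is CommunicationException || ex is TimeoutException) { channel.Abort(); }
        try { _factory.Close(); }
        catch (Exception ex) when (ex is CommunicationException || ex is TimeoutException) { _factory.Abort(); }
    }
}
```

The server side has to use the same NetTcpBinding settings, install its certificate through ServiceHost.Credentials.ServiceCertificate, and implement Ping() as an empty method on a session-per-client (PerSession) service; the ping is deliberately cheap so that a 30-second interval from every client costs the server nothing measurable. If the connection still drops at a fixed interval with the ping in place, the device between the client and the server is closing it for a reason other than idleness, and the interval is not the thing to tune.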