WCF + SSL wsDualHttpBinding 或 netTcpBinding

发布于 2024-08-17 12:37:14 字数 864 浏览 11 评论 0原文

我需要创建一个自托管的 WCF 服务。 我需要通过互联网在客户端和服务器之间建立安全的双工连接。

我看了WCF的一些文档,发现netTcpBinding适合内网应用,因为SSL只有点2点。如果是互联网应用,连接一定不能是点2点,对吗?那么传输安全中的 SSL 与 netTcpBinding 不适合吗?

那么我应该使用什么组合来创建安全的双工互联网应用程序? 非常感谢。


我已经尝试过 http://www.codeproject.com/KB/WCF/WCFWPFChat.aspx 本教程使用 netTcpBinding 和端点 localhost

我将端点 localhost 更改为基于名称的 url,将路由器中的端口转发到我的开发 PC,在 Windows 防火墙中打开相同的端口。

客户端程序可以与不同机器上的每个客户端程序聊天,但是回调连接将在一分钟后丢失。

我还尝试更改对 wsDualHttpBinding 的绑定,客户端程序可以与同一台计算机中的每个客户端聊天,并将回调连接保留在可靠会话 inactivityTimeout 设置中。但是另一台机器上的另一个客户端程序无法加入服务器,如果我关闭该机器上的Windows防火墙,客户端程序可以连接。

看来tcp绑定可以让客户端程序在Windows防火墙打开的情况下连接到服务器。但回调连接丢失。

wsDualHttpBinding 可以保持回调连接。但如果 Windows 防火墙打开,则无法连接到服务器。

有没有办法像 wsDualHttpBinding 一样保留 netTcpBinding 回调连接?

I need to create a self-hosted WCF service.
I need secure duplex connection between client and server through Internet.

I read some documents of WCF and found that the netTcpBinding is suitable for intranet application, because the SSL is only point 2 point. If it is an internet application, the connection must not be point 2 point, am I correct? so SSL in transport security with netTcpBinding is not suitable?

so what combination should I use to create a secure duplex internet application?
thank you very much.


I have tried http://www.codeproject.com/KB/WCF/WCFWPFChat.aspx
this tutorial use netTcpBinding and endpoint localhost

I change the endpoint localhost to a name based url, forward a port in my router to my development PC, open the same port at Windows firewall.

The client program can chat with each cients program in different machines, BUT the callback connection will lost after one minute.

I also tried changing the binding to wsDualHttpBinding, the clients program can chat with each clients in the same machine and kept the callback connection in the reliableSession inactivityTimeout setting. However another client program in another machine cannot join the server, if I turn off Windows firewall on that machine, the client program can connect.

It seems that tcp binding can let the client program connecting to the server with Windows firewall turn on. but callback connection lost.

and the wsDualHttpBinding can keep the callback connections. but cannot connect to server if Windows firewall on.

Is there a way to kept the netTcpBinding callback connection as in the wsDualHttpBinding?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

合久必婚 2024-08-24 12:37:14

听起来您有两个问题 - 双工连接和安全性。

如果您确实需要双工连接(例如,服务器启动的回调),那么这些都不会在互联网上很好地工作,除非您对两端的防火墙有非常好的控制(客户端仍然必须公开可公开访问的 HTTP 端点)以便服务器回调)。最好的方法是使用新的中继服务 .NET 4.0 - 这允许通过防火墙模拟服务器发起的连接。

编辑:这现在称为 AppFabric,是 Windows Azure 基础结构的

一部分在前面,您始终可以通过服务总线使用消息安全性,但我也不认为传输安全性会成为问题。

It sounds like you have two issues- duplex connection and security.

If you truly need a duplex connection (eg, server-initiated callbacks), neither of these will work very well over the internet unless you have very fine control over the firewalls on both ends (the client still has to expose a publicly accessible HTTP endpoint for the server to call back). The best way would be to use the new relay services with .NET 4.0- this allows for a mimic'd server-initiated connection through firewalls.

EDIT: this is now called AppFabric, and is part of the Windows Azure infrastructure

On the security front, you can always use message security over the service bus, but I don't see a reason why transport security would be a problem either.

記憶穿過時間隧道 2024-08-24 12:37:14

回答用户248724,

客户端程序可以互相聊天
科学家在不同的机器上编程,
但是回调连接将会丢失
一分钟后。一分钟后。

您需要让客户端或服务器至少每分钟互相 ping 一次,以保持连接套接字处于活动状态。

To answer user248724,

The client program can chat with each
cients program in different machines,
BUT the callback connection will lost
after one minute.after one minute.

You need either have the client or the server to ping each other at least every minute to keep the connection socket alive.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文