Question on using IIS for a C#/WCF backend

Bill Fuller - 18 Jan 2008 16:41 GMT
I have a team that is designing/building an n-tier (5 logical layer, 3
physical) WinForms application that will be deployed via ClickOnce. The
backend will be using WCF for communication.

Here is the question... the design team is using IIS, which is not a
requirement of WCF. It is not a web application and we have total control of
the binding protocol (HTTP, TCP, ES, etc.). Their reasoning for using IIS is
because of the requirement for SSL.

My thought is that the backend should be behind the firewall and communicate
to the client application via a proxy in the DMZ... with SSL handling pushed
to edge devices. This would mean that the WCF application servers on the
inside network would not have to be configured as web servers.

Does anyone have any thoughts/recommendations/experience on this?
sloan - 18 Jan 2008 16:58 GMT
WCF allows you to "expose" your code in any number of different ways.

So the HOST stuff doesn't need to run its code (and get what it needs) thru
IIS, as you suggest.
But it will expose its services via http/ssl if you so choose.

Check channel9 for the Greg Leake videos.
His stocktrader application will actually do it both ways.
1. The host exposes services, but doesn't actually consume services.
2. The host exposes services, but USES services as well. (Aka, a second
wcf layer).
You can look at the code at stocktrader.msdn.com ( I think that's it?)

But watch the videos BEFORE you open up the code.

..

You can see my additions to the WCF technology here:
http://sholliday.spaces.live.com/Blog/cns!A68482B9628A842A!158.entry

I have a downloadable example....and you can expose the service through
named pipes or a http web service.

>I have a team that is designing/building an n-tier (5 logical layer, 3
>physical) WinForms application that will be deployed via ClickOnce. The
[quoted text clipped - 12 lines]
>
> Does anyone have any thoughts/recommendations/experience on this?
Marc Gravell - 18 Jan 2008 22:48 GMT
Some thoughts; first - why /not/ IIS? Are you just worried about an
extra attack surface?

Note that actually SSL is not a requirement for secure WCF; you can use
message security and pass the message over http, tcp, carrier
pigeon[*], msmq, etc. You can also use the host as a service without
IIS, including SSL certificates - but it is harder to do that; IIS is
easy and well documented.
*= you'll need to write your own driver here, I'm afraid

Under the "KISS" principle, I use transport security (https) and IIS,
running the code on those web-servers via IIS, with a firewall and NLB
in front of them and a database server (and another firewall) behind
them. It works well enough for my needs.

Re terminating SSL at the edge devices - note that this *can't* be a
simple passthru such as an NLB (F5 etc) configured to handle https but
use http to the inner-farm. WCF must be configured the same at client
and server: if the client is configured for transport security, the
server must be configured for transport security; and if the server is
configured for transport security it *will not accept* requests over
http. You can use a .NET host/proxy at the perimeter, but I'm not sure
it gains you much.

I use an NLB, but I had to configure it to re-encrypt (with a
different SSL session) between the NLB and the farm. Alternatively, if
you go to message security then your NLB can be a simple pass-thru
again.
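
The message-security option discussed in this thread, as an added example that is not code from any of the posters: a self-hosted WCF service (no IIS) that listens on plain http while the SOAP messages themselves are signed and encrypted, called once with a matching binding and once with a mismatched one. The `IPing` contract, the `localhost:8080` address and the choice of Windows credentials are assumptions made for illustration.

```csharp
using System;
using System.ServiceModel;

[ServiceContract]
public interface IPing                       // hypothetical contract
{
    [OperationContract]
    string Ping(string text);
}

public class PingService : IPing
{
    public string Ping(string text) { return "pong: " + text; }
}

public static class Program
{
    const string Url = "http://localhost:8080/ping";   // constructed address

    // Message security: protection travels inside the SOAP envelope, so the
    // URL stays http:// and an intermediary can forward it without decrypting.
    static WSHttpBinding Secured()
    {
        var b = new WSHttpBinding(SecurityMode.Message);
        b.Security.Message.ClientCredentialType = MessageCredentialType.Windows; // assumption
        return b;
    }

    static void Call(WSHttpBinding binding, string label)
    {
        var factory = new ChannelFactory<IPing>(binding, new EndpointAddress(Url));
        try
        {
            Console.WriteLine(label + ": " + factory.CreateChannel().Ping("hello"));
            factory.Close();
        }
        catch (CommunicationException ex)    // security mismatch surfaces here
        {
            Console.WriteLine(label + " rejected: " + ex.GetType().Name);
            factory.Abort();
        }
    }

    public static void Main()
    {
        var host = new ServiceHost(typeof(PingService));
        host.AddServiceEndpoint(typeof(IPing), Secured(), Url);
        host.Open();   // self-hosted; the process needs rights to listen on Url
        Call(Secured(), "matching binding");
        Call(new WSHttpBinding(SecurityMode.None), "unsecured binding");
        host.Close();
    }
}
```

Build against the .NET Framework with a reference to System.ServiceModel; switching `Secured()` to `SecurityMode.Transport` would require an https address on both sides, which is the constraint described above for SSL-terminating load balancers.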
