Enable income channel for duplex channel in run time!

  • Question

  •  

    Hi,

    Following my issue "WCF Duplex - Client is unable to finish the security negotiation within the configured timeout",

    I found the problem: it's simply the firewall on the test application side, which blocks the incoming channel from the server during the duplex connection for callback. Thanks to Richard Blewett.

    All this time I tried to play with the server while the problem was in my local PC (I just turned off the firewall on my PC) and it works.

    Now I have 2 questions:

    1. According to Richard's post, if the server allows only port 80 (which is the case with our server), I will have to keep using <wsDualHttpBinding>. In this case, what should I do to let the app get the connection? I think I can add an application exception in my firewall, but I'm sure there is a better and more elegant way to do that at run time. Any suggestions?

    2. As Richard suggested, it is better to switch to netTcpBinding. Do I only need to change the text in the config files from <wsDualHttpBinding> to <netTcpBinding>, or is more needed...

     



    • Edited by Markos_King Monday, January 23, 2012 8:05 AM Add link to Richard post
    Monday, January 23, 2012 7:44 AM

All replies

  • Hello, to use WSDualHttpBinding, at a minimum, you need to open port 80 for both inbound and outbound connections (you can also use another port for the inbound connection if you need). You have to configure the firewall to allow the communication. There's no other workaround. To use NetTcpBinding, you need to open the outbound connection on port 808. Again, if you can't allow that on the firewall, you can't use NetTcpBinding.

    If you really want to restrict the firewall to open only port 80 for outbound connections, you can use a poll mechanism. The client will poll the service at a regular interval. If even the outbound connection on port 80 is blocked, well, then your machine is totally isolated from the network.

    As for how to switch to NetTcpBinding, you need to change the binding, as well as the service address so it begins with net.tcp instead of http.


    Lante, shanaolanxing This posting is provided "AS IS" with no warranties, and confers no rights.
    If you have feedback about forum business, please contact msdnmg@microsoft.com. But please do not ask technical questions in the email.
    Monday, January 23, 2012 11:47 AM
  • Hi,

       Thanks for the reply.

    Unfortunately, it only partly works: when I'm working in house (same domain as the server) and I add a new port 80 rule to the firewall, it all works.

    But when I connect to the public internet, the rule doesn't help!!!

    My config file looks like:

     

    <?xml version="1.0" encoding="utf-8" ?>
    <configuration>
      <system.diagnostics>
        <sources>
          <source name="System.ServiceModel" switchValue="Information, ActivityTracing" propagateActivity="true">
            <listeners>
              <add name="traceListener" type="System.Diagnostics.XmlWriterTraceListener" initializeData="c:\log\Traces.svclog"/>
            </listeners>
          </source>
        </sources>
      </system.diagnostics>
      <system.serviceModel>
        <bindings>
          <wsDualHttpBinding>
            <binding name="WSDualHttpBinding_I_BridgeWCFService" closeTimeout="00:01:00"
              openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
              bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard"
              maxBufferPoolSize="2147483646" maxReceivedMessageSize="2147483646"
              messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true">
              <readerQuotas maxDepth="256" maxStringContentLength="2147483646"
                maxArrayLength="2147483646" maxBytesPerRead="2147483646" maxNameTableCharCount="2147483646" />
              <reliableSession ordered="true" inactivityTimeout="00:10:00" />
              <security mode="Message">
                <message clientCredentialType="Windows" negotiateServiceCredential="true"
                    algorithmSuite="Default" />
              </security>
            </binding>
          </wsDualHttpBinding>
        </bindings>
        <client>      
          <endpoint address="http://xx.xx.xx.xx/_Bridge1/_BridgeWcfService.svc" 
           binding="wsDualHttpBinding" bindingConfiguration="WSDualHttpBinding_I_BridgeWCFService" 
           contract="_BridgeWcfServiceReference.I_BridgeWCFService" 
           name="WSDualHttpBinding_I_BridgeWCFService">
            <!--<identity>
              <dns value="win-jj" />
              <servicePrincipalName value="_BridgeWCFService" />
            </identity>-->
          </endpoint>
        </client>
    
        <behaviors>
          <!--<endpointBehaviors>
            <behavior name="CertForClient">
              <clientCredentials>
                <clientCertificate findValue="Dev_SignedByCA" storeLocation="CurrentUser" x509FindType="FindBySubjectName" />
                --><!--<serviceCertificate >
                  <defaultCertificate findValue="localhost" storeLocation="CurrentUser" storeName="TrustedPeople" x509FindType="FindBySubjectName" />
                  <authentication certificateValidationMode ="PeerOrChainTrust"/>
                </serviceCertificate>--><!--
              </clientCredentials>
            </behavior>
          </endpointBehaviors>-->
        </behaviors>
      </system.serviceModel>
      <startup>
        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0,Profile=Client"/>
      </startup>
    </configuration>
    
    


    As you can see, I tried with and without the  </identity> section.

    IT MAKES ME CRAZYYYYYYYY, I'VE WASTED 5 DAYS ALREADY ON THIS ISSUE!!!!!!

     

     


    • Edited by Markos_King Monday, January 23, 2012 1:24 PM TYPO
    Monday, January 23, 2012 1:24 PM
  • If you want to use the service from a public internet client, you cannot use Windows authentication, unless all clients are in the same domain as your server, which is unlikely. In addition, if your server is behind a NAT, you cannot find it from the internet. You have to make sure your server has a static internet visible address. Alternatively, you can use some NAT traversal solutions like Windows Azure Service Bus.


    Lante, shanaolanxing
    Tuesday, January 24, 2012 12:51 AM
  • My server has a static IP. When I tried to access it from the public internet I used the public address/static IP (http://xx.xx.xx.xx/); again, I can access the service via web browser ("http://xx.xx.xx.xx/_Bridge1/_BridgeWcfService.svc").

    So what security should I change?

    Tuesday, January 24, 2012 8:14 AM
  • Markos,

    Give your service a certificate as credentials.
    For the client: choose between a certificate or username/password.

    As soon as the client uses something other than Windows security, the service credentials must be set to a certificate.

    Before you do this, test the connectivity part of your service/client (over the internet) and disable security! If that works, work your way up... Then you know that the client can call the service and the service can execute the callback. Do not enable security before this works. Solve one problem at a time.


    If this post answers your question, please mark it as such. If this post is helpful, click 'Vote as helpful'.
    Tuesday, January 24, 2012 8:36 AM
  • Hi,

       Thanks for the reply!

    1. What do you mean by disable security? Do you mean to use <security mode="none">?

    2. How can I give my service a certificate?

    :(

    Tuesday, January 31, 2012 11:50 AM
  • You can set a service certificate like this in configuration (example):

    <!-- Goes inside <behaviors><serviceBehaviors><behavior> in the service configuration -->
    <serviceCredentials>
       <serviceCertificate findValue="SubjectName" 
        storeLocation="LocalMachine"
        storeName="My"
        x509FindType="FindBySubjectName"/>
    </serviceCredentials>
    
    

    If everything keeps failing, exclude things that can go wrong. Example, set security to 'none' (both on service and client) and test again. Does that work? If it doesn't, use WCF tracing and see what happens...


    Tuesday, January 31, 2012 1:00 PM
  • Seems like I'm still missing basic knowledge about certificates. I understand that I need to do the following; please correct me:

    1. Create a server certificate on the server (Create Temporary Certificates for Use During Development)

    2. Install it on the server

    3. Add the serviceCredentials as you wrote, with the corresponding data

    4. Now what? Should I install it on my client and add the same serviceCredentials section to app.config?

    I searched for a step-by-step way of doing this, with no luck!

    Thanks in advance!

    Tuesday, January 31, 2012 1:21 PM
  • Markos,

    Your first step is to make it work without the certificate authentication (don't try to do all at once).

    If that works fine; here is a step by step guide on how to setup certificate authentication in WCF:

    http://msdn.microsoft.com/en-us/library/ff648360.aspx

     


    Tuesday, January 31, 2012 1:43 PM
  • Configured the web.config & app.config as:

    <security mode="None">
    </security>
    
    But I get the following exception again :( I tried disabling the firewall on the client; same exception!!!

    The open operation did not complete within the allotted timeout of 00:00:59.2219555. The time allotted to this operation may have been a portion of a longer timeout.

    The trace file:

    <E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent">
    <System xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system">
    <EventID>131075</EventID>
    <Type>3</Type>
    <SubType Name="Error">0</SubType>
    <Level>2</Level>
    <TimeCreated SystemTime="2012-01-31T15:06:16.6426529Z" />
    <Source Name="System.ServiceModel" />
    <Correlation ActivityID="{00000000-0000-0000-0000-000000000000}" />
    <Execution ProcessName="Local_WCFBridgeTest.vshost" ProcessID="4040" ThreadID="10" />
    <Channel />
    <Computer>TPC_12345</Computer>
    </System>
    <ApplicationData>
    <TraceData>
    <DataItem>
    <TraceRecord xmlns="http://schemas.microsoft.com/2004/10/E2ETraceEvent/TraceRecord" Severity="Error">
    <TraceIdentifier>http://msdn.microsoft.com/en-US/library/System.ServiceModel.Diagnostics.ThrowingException.aspx</TraceIdentifier>
    <Description>Throwing an exception.</Description>
    <AppDomain>Local_WCFBridgeTest.vshost.exe</AppDomain>
    <Exception>
    <ExceptionType>System.TimeoutException, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</ExceptionType>
    <Message>The open operation did not complete within the allotted timeout of 00:00:59.2259557. The time allotted to this operation may have been a portion of a longer timeout.</Message>
    <StackTrace>
    at System.ServiceModel.Channels.ReliableRequestor.ThrowTimeoutException()
    at System.ServiceModel.Channels.ReliableRequestor.Request(TimeSpan timeout)
    at System.ServiceModel.Channels.ClientReliableSession.Open(TimeSpan timeout)
    at System.ServiceModel.Channels.ClientReliableDuplexSessionChannel.OnOpen(TimeSpan timeout)
    at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
    at System.ServiceModel.Channels.ServiceChannel.OnOpen(TimeSpan timeout)
    at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
    at System.RuntimeMethodHandle._InvokeMethodFast(IRuntimeMethodInfo method, Object target, Object[] arguments, SignatureStruct&amp; sig, MethodAttributes methodAttributes, RuntimeType typeOwner)
    at System.RuntimeMethodHandle.InvokeMethodFast(IRuntimeMethodInfo method, Object target, Object[] arguments, Signature sig, MethodAttributes methodAttributes, RuntimeType typeOwner)
    at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture, Boolean skipVisibilityChecks)
    at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
    at System.Reflection.MethodBase.Invoke(Object obj, Object[] parameters)
    at System.ServiceModel.Channels.ServiceChannelProxy.ExecuteMessage(Object target, IMethodCallMessage methodCall)
    at System.ServiceModel.Channels.ServiceChannelProxy.InvokeChannel(IMethodCallMessage methodCall)
    at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
    at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&amp; msgData, Int32 type)
    at System.ServiceModel.ICommunicationObject.Open(TimeSpan timeout)
    at System.ServiceModel.ClientBase`1.System.ServiceModel.ICommunicationObject.Open(TimeSpan timeout)
    at System.ServiceModel.ClientBase`1.Open()
    at _WCF_BRIDGE_WinLibrary.WCF_Bridge_WinServiceBaseClass.initObjects()
    at _WCF_BRIDGE_WinLibrary.WCF_Bridge_SessionClass..ctor()
    at _WCF_BRIDGE_WinLibrary.WCF_Bridge_ServerClass..ctor()
    at Local_WCFBridgeTest.ServerWCFBridgeProxy..ctor()
    at Local_WCFBridgeTest.Program.CreateServerWCFBridgeProxy()
    at Local_WCFBridgeTest.FormLogin.btnConnect_Click(Object sender, EventArgs e)
    at System.Windows.Forms.Control.OnClick(EventArgs e)
    at System.Windows.Forms.Button.OnClick(EventArgs e)
    at System.Windows.Forms.Button.OnMouseUp(MouseEventArgs mevent)
    at System.Windows.Forms.Control.WmMouseUp(Message&amp; m, MouseButtons button, Int32 clicks)
    at System.Windows.Forms.Control.WndProc(Message&amp; m)
    at System.Windows.Forms.ButtonBase.WndProc(Message&amp; m)
    at System.Windows.Forms.Button.WndProc(Message&amp; m)
    at System.Windows.Forms.Control.ControlNativeWindow.OnMessage(Message&amp; m)
    at System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message&amp; m)
    at System.Windows.Forms.NativeWindow.DebuggableCallback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)
    at System.Windows.Forms.UnsafeNativeMethods.DispatchMessageW(MSG&amp; msg)
    at System.Windows.Forms.Application.ComponentManager.System.Windows.Forms.UnsafeNativeMethods.IMsoComponentManager.FPushMessageLoop(IntPtr dwComponentID, Int32 reason, Int32 pvLoopData)
    at System.Windows.Forms.Application.ThreadContext.RunMessageLoopInner(Int32 reason, ApplicationContext context)
    at System.Windows.Forms.Application.ThreadContext.RunMessageLoop(Int32 reason, ApplicationContext context)
    at System.Windows.Forms.Application.Run(ApplicationContext context)
    at Local_WCFBridgeTest.Program.Main()
    at System.AppDomain._nExecuteAssembly(RuntimeAssembly assembly, String[] args)
    at System.AppDomain.ExecuteAssembly(String assemblyFile, Evidence assemblySecurity, String[] args)
    at Microsoft.VisualStudio.HostingProcess.HostProc.RunUsersAssembly()
    at System.Threading.ThreadHelper.ThreadStart_Context(Object state)
    at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean ignoreSyncCtx)
    at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
    at System.Threading.ThreadHelper.ThreadStart()
    </StackTrace>
    <ExceptionString>System.TimeoutException: The open operation did not complete within the allotted timeout of 00:00:59.2259557. The time allotted to this operation may have been a portion of a longer timeout.</ExceptionString>
    </Exception>
    </TraceRecord>
    </DataItem>
    </TraceData>
    </ApplicationData>
    </E2ETraceEvent>
    


    Tuesday, January 31, 2012 3:14 PM
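
A triage helper for `.svclog` records like the one posted above, added here as an example and not code from the thread: it extracts the exception type, the timeout and the first application frame from each error record, and flags whether the open stalled in `ClientReliableSession.Open`. The sample record is constructed from the post's trace with the stack shortened; `parse_svclog` and its field names are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/2004/06/E2ETraceEvent",
      "s": "http://schemas.microsoft.com/2004/06/windows/eventlog/system",
      "t": "http://schemas.microsoft.com/2004/10/E2ETraceEvent/TraceRecord"}

# Constructed sample: one record without an exception, one shaped like the post's trace.
SAMPLE = """
<E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent"><ApplicationData/></E2ETraceEvent>
<E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent">
<System xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system"><TimeCreated SystemTime="2012-01-31T15:06:16.6426529Z" /></System>
<ApplicationData><TraceData><DataItem>
<TraceRecord xmlns="http://schemas.microsoft.com/2004/10/E2ETraceEvent/TraceRecord" Severity="Error"><Exception>
<ExceptionType>System.TimeoutException, mscorlib, Version=4.0.0.0</ExceptionType>
<Message>The open operation did not complete within the allotted timeout of 00:00:59.2259557.</Message>
<StackTrace>
at System.ServiceModel.Channels.ReliableRequestor.Request(TimeSpan timeout)
at System.ServiceModel.Channels.ClientReliableSession.Open(TimeSpan timeout)
at System.ServiceModel.Channels.ClientReliableDuplexSessionChannel.OnOpen(TimeSpan timeout)
at System.ServiceModel.ClientBase`1.Open()
at _WCF_BRIDGE_WinLibrary.WCF_Bridge_WinServiceBaseClass.initObjects()
</StackTrace></Exception></TraceRecord></DataItem></TraceData></ApplicationData>
</E2ETraceEvent>
"""

def parse_svclog(text):
    """Yield a summary for each record carrying an <Exception>. A .svclog is a run of
    E2ETraceEvent fragments with no root element, so it is wrapped before parsing."""
    root = ET.fromstring("<log>" + text + "</log>")
    for ev in root.iterfind("e:E2ETraceEvent", NS):
        exc = ev.find(".//t:TraceRecord/t:Exception", NS)
        if exc is None:
            continue
        stack = exc.findtext("t:StackTrace", "", NS)
        frames = [ln.strip()[3:] for ln in stack.splitlines() if ln.strip().startswith("at ")]
        m = re.search(r"timeout of (\d+):(\d+):(\d+(?:\.\d+)?)", exc.findtext("t:Message", "", NS))
        tc = ev.find(".//s:TimeCreated", NS)
        yield {
            "time": tc.get("SystemTime") if tc is not None else None,
            "type": exc.findtext("t:ExceptionType", "", NS).split(",")[0],
            "timeout_s": int(m[1]) * 3600 + int(m[2]) * 60 + float(m[3]) if m else None,
            "reliable_open": any("ClientReliableSession.Open" in f for f in frames),
            "caller": next((f for f in frames if not f.startswith(("System.", "Microsoft."))), None),
        }

if __name__ == "__main__":
    for rec in parse_svclog(SAMPLE):
        print(rec)
```

Comparing `timeout_s` with the binding's `openTimeout` shows whether the whole open budget was spent waiting; `reliable_open` being true places the stall in reliable-session setup rather than in application code.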