I am new to the WCF model, but I have created a service, that seems to work in VS2010
Now I would like to access this windows service from an asp.net application. The reason behind this is: I want to be able to call the service to connect via SSH to a server, and keep that connection open (as I did in a Windows Forms app)
Any ideas on how to go about doing this? I tried it with an IIS hosted service, but the connection is lost each time the request finishes.
At least in VS2010 with the tester, I can invoke my connect function, then invoke other functions to query data, then disconnect.
FYI, the local Windows Service and IIS are on the same box.
WCF services by default create a new instance for each request. There are other models, although I'm not sure they will manage as long running a process as you want. This article has some good info on managing sessions: http://msdn.microsoft.com/en-us/magazine/cc163590.aspx
Alternatively, why not use a technology like workflow foundation, that was designed to run / persist / re-awaken long-running processes? http://msdn.microsoft.com/en-us/library/ee342461.aspx
Related
We have an ASP.NET app running on a Azure Windows Server 2012 R2 VM with IIS 8. All settings are pretty much default.
Our app runs on two web application. One for the frontend (MVC) and one for the API (Web API). Both use the DefaultAppPool.
Today one Web API request had a SQL server call that didn't return until the timeout (that SQL server was offline). But funny enough, all other calls to our Web API project also seemed blocked after that. We might have about 50 users on our website and maybe 5 users made a call to this blocking method at the same time.
So I'm a bit confused to why all other requests were also blocked. The request to the MVC frontend were not blocked. Even though it's using the same thread pool.
Reading the discussions about thread pools on IIS, I think we should have enough threads to handle a situation like this?
asp.net Thread-pool max threads - clarification?
What am I missing here?
My Situation
I have an intranet MVC application which uses, by mandate, integrated Windows Authentication. It hosts both a business UI and some WebAPI endpoints. I have an endpoint which must consumed by a SAP PI (Process Integration) REST adapter, which is hosted in Java. The SAP developer has only option for authentication: basic.
The Question
How can a SAP or any Java client authenticate to a Windows web application? My company really demands that this call eventually resolves to a Windows account, so mixed forms auth wont fly here. Any suggestions?
My Ideas
One thought I had was to have them encrypt windows credentials in a string and drop them in the headers or in the body of the message. I could then decrypt on my end, impersonate, and, if valid, execute the POST. This seems pretty bad to me, but I could get it to work. However, I think there must be something better out there.
I'm trying to consume a Java Web Service from third party, so i dont have any control over it. I have a pfx file which is password protected, and i installed it in my development box.
This is the code i'm using:
var proxy = new MyServiceReference.WsaaServerBeanService();
var result = proxy.login("test");
I'm getting System.Net.Sockets.SocketError.TimedOut exception when invoking the login web method. The first thing that come to my mind is an authentication issue. Apart from installing the pfx, do i need to send some other info to the web server to authenticate?
System.Net.Sockets.SocketError.TimedOut
Does not indicate an authentication issue, it indicates that you either are not able to contact the remote web service endpoint, or you are and the service is taking too long to respond. Make sure you can actually hit the endpoint from your machine via telnet, a web browser etc...
Authentication failures will usually return immediately.
Small question, was anyone able to control iTunes through any local webdeployment?
Most preferable through a hosted IIS WCF service?
I've tried on my Windos 7 with IIS7.5 and when I set the Process Model - Identity to 'Local System' on the IIS apppool containing the WCF service, I see the iTunes.exe popping up in the Task Manager.
But iTunes doesn't come 'alive' - no visual shell and even though the iTunesApp object is initialized in my WCF Service code, perfomring any actions on it won't work.
Side not, running the same service through Visual Studio 2010 debug mode, everything works just great!
UPDATE *
I was trying to communicate to iTunes through my windows phone and I thought of going round that with a website/service... but with the new Mango update we can do TCP sockets native on the phone! SO I'll try that route.
The reason service does not show any UI windows is becuase of Session Isolation. Your service (IIS application pool process) is running in session 0. Your desktop is attached to session 1 (or some other number if more than one user is logged on on this machine).
There are couple of workarounds to allow services to show UI to user:
1. You can mark service with option "Allow service to interact with desktop". This only works for services that are running as local system. This option is deprecated, should only be used for compatibility with legacy services.
2. Service can launch an intermediate process in user session and communicate to it.
If you don't want to interact with iTunes, and only want to lanch it in user session, what you need to do is:
Obtain name of windows station the user is running. You can use windows terminal services API for that. You will have to be creative to figure out which user session is currently active (if there is more than one). You probably also want to query user security token, so that process is run as a user, and not as a local system.
Call CreateProcessAsUser and pass STARTUPINFO structure. Set lpDesktop field in STARTUPINFO to point to window station you identified.
The reason this works when debugging in Visual Studio 2010 is because you're running VS under your login and your login has a visible desktop that iTunes can interact with.
If you launch from a process running under a service account then yes you'll see the executable in task manager but the iTunes won't have a visible desktop to interact with.
Here's the situaiton. I'm working on developing a new website to access an old database. This is a DoD installation so there's lots of security around.
The current application is written in classic ASP, VBScript and some javascript. The new systems is ASP.NET.
Accessing the database in the old system meant hitting the server with your own credentials (domainname\username). Now I'm trying to test some of the early development I've done. When I used Cassini (under VS2008), I had no trouble getting to the database because ourdomain\myusername registered with the SQL Server instance as a trusted connection. Due to security aspects that I have to write, Cassini can't serve as a test server anymore - I have to use IIS (we have security card readers here). Cassini can't handle them.
So when I went through all the problems of getting the appropriate accounts added to Administrators on my local pc so that I could debug in VS2008 while using IIS, I tried to connect to the database and I was rejected because MYPC\ASPNET was not a trusted connection.
Altering the existing database is out of the question. Hard coding usernames and passwords for access to the database is out of the question.
I asked the DBA if he could add MYPC\ASPNET to of the domain groups so that SQL Server could see it as a trusted connection (since MYDOMAIN\MYNAME was in a group that was seen as a trusted connection). He tells me that is not technically possible.
In the end there are going to be three or four machines (mine, another developer, the eventual live web server and a future test web server) who's ASPNET accounts are going to be hitting our two SQL servers (live and test).
What do I have to do to make the existing SQL server see me as Friend and not Foe? I looked at impersonation but I get the impression it's not compatible with our system - the business rules make a call to a common routine to create a SqlConnection object and open it (maybe even a SqlTransaction object to go with it) and this object is used for the rest of the business rules and data-access layer until it's done. It didn't look like impersonation would persist once the SqlConnection was opened (and passed, ByRef back to the calling routine)
Thanks in advance for any advice.
You have two options:
Run your web application in an application pool configured to run in the context of a domain account
Use impersonation and configure your web application to use windows authentication only
Use Impersonation
As has already been suggested you should use impersonation.
However if your SQL Server is running on a different machine than your web server then impersonation will not suffice as the credentials of the user will not be delegated to the SQL Server (server hop). In that case you will have to either enable delegation in the AD or create a non-Windows login on your SQL Server and use that instead (this will not work if your SQL Server actually uses the Windows login for access control to tables etc.).
Sounds like you want to impersonate the client who is accessing your web site correct? Have you tried to use impersonation or are you assuming it won't work?
Edit
As Albert points out, impersonation requires the user to be authenticated using Windows authentication. You will want to disable Anonymous Access, and enable Windows Authentication in IIS Management tool.