Call ASP.NET Web Service on the Same Farm as Web Application - asp.net

I am getting the following error when I try to call an ASP.NET Web Service from an ASP.NET Web Application. I believe it is because the Web Service and Web Application are on the same Farm/behind the same Load Balancer.
A connection attempt failed because the connected party did not properly
respond after a period of time, or established connection failed because
connected host has failed to respond [IP Address removed]:80
This error does not occur when I call the Web Service on the Farm from the Web App on my local machine, or when I call the Web Service on my local machine from the Web App on the Farm.
Any idea why this error is occurring?

The solution to my problem was to turn on NATing on the load balancer.
The request was being made from a server in the farm to the Load Balancer, then the Load Balancer would send that request to one of the servers in the farm (possibly even the same server that requested it). The problem was, the server that was handling the request would try to send the response directly back to the "requesting client" instead of back to the Load Balancer, so the server that made the request would just ignore the response because it was not being sent by the Load Balancer. By turning NATing on, all responses are sent back to the Load Balancer, and then the Load Balancer sends the response on to the original client.

This is just a guess, but can the web server actually see the IP address being used? If it's on a farm behind a load balancer then that IP might be being blocked by the load balancer itself or a firewall or proxy server.
Can you access the web server via remote desktop and ping the IP address?

The TCP/IP stack on your farm node is not going to route the call to the IP address of the load balancer, but will automatically translate this into a local call on 127.0.0.1:80 on the specific farm node that is making the call. Make sure your web servers are set up to handle this case.

Related

SignalR: WebSocket security and networking for load balancer

We are evaluating SignalR for chat in our web application. Web application runs on a IIS serverfarm behind a Netscaler load balancer. Back plane will be Redis.
What are the ports that need to be opened on load balancer to enable Websocket from web browser to web server?
Other than enabling sticky session from client, should I need to do anything on the load balancer?
SSL is terminated at load balancer. Do we need to do anything additional to enable SSL for websockets?
Are there anything I need to do in load balancer for long polling?
We are a HIPAA site. Are there any known vulnerabilities in using WebSocket?
We create a session cookie after initial authentication, that gets validated on every server request using a global filter in ASP.Net MVC5. Will this global filter gets invoked on every server side method of SignalR?

IIS ARR Load Balancer Set up, How do I access my sites now?

I've set up a load balancer using ARR on my server. I have two content servers that are hosting the web application and its API. Individually I am able to access the websites.
I've added the servers to a new Server Farm, I've given it a name as well.
Now, here comes the catch.
I don't have a DNS assigned to the server IP.
I'm not sure how to access the web sites through the load balancer. Is there a port on the server on which the farm works? or a URL?

How to get client machine name using asp.net web application

How to get client machine name accessing .net web application when its deployed on server and behind F5 load balancer
System.Net.Dns.GetHostEntry(HttpContext.Current.Request.ServerVariables["REMOTE_HOST"]).HostName;
this gives correct value when executed on local machine however it returns F5 load balancer IP address when deployed on server.
If your F5 is appropriately configured, it will add an X-FORWARDED-FOR HTTP header giving the IP address of the client it forwarded the request for (possibly also including other proxies in the path between the client and your F5)

Issue while deploying wcf service in load balancer environment

I configured a load balancer service for port 80 on two windows server 2003 machines. I deploy the same wcf service on IIS and shared the virtual IP to client to consume the service.
If both the servers are up and running then clients able to consume the service but of any server goes down it throws the below exception :-
There was no endpoint listening at server port that could accept the
message. This is often caused by an incorrect address or SOAP action.
See InnerException, if present, for more details.
Any idea ?

WCF using certificate over ssl (HTTPS) in load balancer environment

I want to find out how to set up a WCF service, which communicates with client via certificate over SSL (HTTPS) in a load balancer environment. The certificate is used for message exchanges.
Update
Below is current setup:
WCF 3.5 is used, but can be changed to ver 4 if required.
IIS7.5 and ASP.NET 3.5
certificate is installed on each IIS,
each WCF app is installed on each IIS,
certificate is issued to *.mydomainname.com, where my app is under myapp.mydomainname.com
does load balancer require certificate?
Goal
Client uses certificate to communicate with WCF service over HTTPS in load balancer.
Any idea would be very much appreciated!
Your site hosting the service must be exposed on domain name for example:
myapplication.enterprise.com
This configuration must be done on all application servers in the web farm (load balanced servers) = you must assign correct host header. You must request / create certificate for this domain name and install it (including private key) on all servers in the farm. You must configure your web sites on all servers to use this certificate. DNS record for the domain name must be configured to point to IP address of the load balancer.
Load balancing must be done on TCP level to maintain HTTPS between client and your servers. In this scenario load balanced environment should become completely transparent to client and load balancer will not need the certificate because it will only forward TCP connections and SSL tunnel will be created with the real web server.

Resources