WCF behind an open reverse proxy that is used to encrypt traffic

I have a Silverlight application that connects to a WCF service. In the basic configuration I'm used to, there is no problem connecting this application to its corresponding WCF service.

However, recently one of my clients started using the Apache reverse proxy. This proxy server is a public server and is used only to encrypt HTTP traffic over SSL (HTTPS) between the client and itself. This proxy server transfers all traffic from it to the actual web server on which my application is hosted. The traffic between the public proxy and the IIS server is just HTTP.

Thus, the traffic flow is as follows: End user browser --- HTTPS ----> Open reverse proxy ----- HTTP ----> IIS server hosting the WCF service.

Reverse proxy and IIS are on two separate servers.

I cannot get a Silverlight application to function normally. I'm not sure how to configure the endpoints? I get problems when I use the public proxy address as my final address.

A Silverlight application typically has this configuration:

    <configuration>
      <system.serviceModel>
        <bindings>
          <basicHttpBinding>
            <binding name="BasicHttpBinding_IPOTemplateEditorSrv"
                     maxBufferSize="2147483647"
                     maxReceivedMessageSize="2147483647">
              <security mode="TransportWithMessageCredential" />
            </binding>
          </basicHttpBinding>
        </bindings>
        <client>
          <endpoint address="https://public-reverse-proxy-url/POTemplateEditorSrv.svc"
                    binding="basicHttpBinding"
                    bindingConfiguration="BasicHttpBinding_IPOTemplateEditorSrv"
                    contract="POEditorSrvRef.IPOTemplateEditorSrv"
                    name="BasicHttpBinding_IPOTemplateEditorSrv" />
        </client>
      </system.serviceModel>
    </configuration>

Please note that I use, and I have an endpoint address pointing to the public HTTPS address of the reverse proxy.

Did I miss something? Is there any additional information for setting up a proxy server? Any workarounds that will force my Silverlight client to connect to the service?

+4
1 answer

This answer may be too obvious, but it seems that the WSDL advertises the internal hostname as the WCF address - when that address is not public. Since IIS generates WSDL, it will just use this hostname in the addresses of the endpoints - this is not what you want, you want a proxy address.

Try creating a static copy of your WSDL file and publish it on your web server. Make sure you replace ALL LINKS to the internal host name with the name of the public proxy server. Then reconfigure the WCF client to point to the static WSDL. You can find a short explanation here: Put another endpoint address in the WSDL of the WCF web service

If this does not work - try using a sniffer (Wireshark) to capture what goes back and forth - disabling HTTPS may be the part that you need to remove from the equation. Your web service request seems to be SENT to the proxy server, but the proxy server cannot handle the request correctly - the perfect scenario to try our sniffing tools.

When you make a direct request to your SVC using a web browser, the request will look something like this.

    GET /POTemplateEditorSrv.svc HTTP/1.1
    Host: public-reverse-proxy-url

But when sending through Silverlight, it might look like this:

    GET /POTemplateEditorSrv.svc HTTP/1.1
    Host: private-server-address

This may be a subtle enough difference to break proxies.

+3
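
The static-WSDL step from the answer above, as an added example that is not part of the original answer: a Python sketch that rewrites every `location` / `schemaLocation` URL on the internal host to the public HTTPS proxy address, then lists any host that still leaks. The sample WSDL is constructed, the host names are the placeholders used on this page, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Attributes that carry absolute URLs in IIS-generated WSDL/XSD metadata.
URL_ATTR = re.compile(r'\b(location|schemaLocation)="([^"]+)"')

# Constructed sample: metadata as emitted with the internal host name in it.
SAMPLE_WSDL = '''<wsdl:definitions xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
    xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <wsdl:types>
    <xsd:schema>
      <xsd:import namespace="http://tempuri.org/"
        schemaLocation="http://private-server-address/POTemplateEditorSrv.svc?xsd=xsd0"/>
    </xsd:schema>
  </wsdl:types>
  <wsdl:service name="POTemplateEditorSrv">
    <wsdl:port name="BasicHttpBinding_IPOTemplateEditorSrv">
      <soap:address location="http://private-server-address/POTemplateEditorSrv.svc"/>
    </wsdl:port>
  </wsdl:service>
</wsdl:definitions>'''


def rewrite_wsdl(wsdl, internal_host, public_host):
    """Point every location/schemaLocation URL on internal_host at https://public_host."""
    def fix(match):
        attr, url = match.group(1), match.group(2)
        parts = urlsplit(url)
        if (parts.hostname or "").lower() != internal_host.lower():
            return match.group(0)  # namespaces and other hosts stay untouched
        public = urlunsplit(("https", public_host, parts.path,
                             parts.query, parts.fragment))
        return '%s="%s"' % (attr, public)
    return URL_ATTR.sub(fix, wsdl)


def leaked_hosts(wsdl, public_host):
    """Return hosts still referenced by location attributes that are not the proxy."""
    hosts = {urlsplit(url).hostname for _, url in URL_ATTR.findall(wsdl)}
    return sorted(h for h in hosts if h and h.lower() != public_host.lower())


if __name__ == "__main__":
    fixed = rewrite_wsdl(SAMPLE_WSDL, "private-server-address",
                         "public-reverse-proxy-url")
    print(fixed)
    print("still leaking:", leaked_hosts(fixed, "public-reverse-proxy-url"))
```

Running `leaked_hosts` against the live `?wsdl` output before and after publishing the static copy shows whether any internal host name is still exposed to clients through the proxy.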