See also How does a WCF server inform a WCF client about changes? (Better solution than simple polling, e.g. Comet or long polling)

I need to use push-technology with WCF through client firewalls. This must be a common problem, and I know for a fact it works in theory (see links below), but I have failed to get it working, and I haven't been able to find a code sample that demonstrates it.

Requirements:

  • WCF
  • Clients connect to server through tcp port 80 (netTcpBinding).
  • Server pushes back information at irregular intervals (1 min to several hours).
  • Users should not have to configure their firewalls; server pushes must pass through firewalls that have all inbound ports closed. TCP duplex on the same connection is needed for this; a dual binding does not work since a port has to be opened on the client firewall.
  • Clients send heartbeats to server at regular intervals (perhaps every 15 mins) so server knows client is still alive.
  • Server is IIS7 with WAS.

The solution seems to be duplex netTcpBinding. Based on this information:

WCF through firewalls and NATs

Keeping connections open in IIS

But I have yet to find a code sample that works. I've tried combining the "Duplex" and "TcpActivation" samples from Microsoft's WCF Samples without any luck. Please can someone point me to example code that works, or build a small sample app. Thanks a lot!

A: 

In most firewall setups, the TCP connection will be torn down by the firewall if it is idle to conserve resources. The idle timeout is probably not something you can control. Some will tear them down if they are idle and a resource limit is being hit.

Most corp environments won't allow any machines to make an outbound TCP connection anyway.

Also, using this mechanism means you are going to have scaling problems. I think a more reliable solution is to queue up information and have your clients poll for them regularly. Utilize caching if possible such that a subsequent client poll will get the cached data from the customer's proxy cache, if they are using one.

If you have to push data in a timely manner, in sub-second land (i.e. financial services), then consider some messaging infrastructure such as an NServiceBus distributor on client side, but that will require a customer install...

So have you tried using Teredo? Having read that, it would appear that it is probably too complicated for a user to set up.

Damian Hickey
A: 

"TCP connection will be torn down by the firewall"

I don't think firewall teardowns will be the big problem, it can be solved with shorter heartbeats/reconnects from the client.

"Most corp environments won't allow any machines to make an outbound TCP connection anyway."

Outbound connections will be made on port 80 which we can assume is always open.

"scaling problems"

Surely pull-technology has more scaling problems, with clients constantly polling for information. Push is a requirement since a delay of more than a few seconds is unacceptable.

Thanks for the tip about NServiceBus, it looks very useful even though it doesn't specifically solve this problem.

Teredo is too difficult for regular users as you say.

Thanks for your reply. More help anyone? :)

Sire
I'd guess that should be 'most corp environments won't allow any *desktop* machines to *accept* an *incoming* TCP connection'?
Cocowalla
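The duplex-over-one-outbound-connection setup discussed in the question and replies above, as an added example that is not part of any post on this page: server pushes travel back over the TCP connection the client opened, so no inbound port is needed on the client side. It assumes .NET Framework WCF self-hosted in a console process rather than IIS7/WAS; the contract names, client id and address are hypothetical.

```csharp
using System;
using System.Collections.Concurrent;
using System.ServiceModel;

[ServiceContract(CallbackContract = typeof(IPushCallback), SessionMode = SessionMode.Required)]
public interface IPushService {
    [OperationContract(IsOneWay = true)] void Heartbeat(string clientId); // also (re)registers the caller
}
public interface IPushCallback {
    [OperationContract(IsOneWay = true)] void Notify(string message);
}
[ServiceBehavior(InstanceContextMode = InstanceContextMode.Single, ConcurrencyMode = ConcurrencyMode.Multiple)]
public class PushService : IPushService {
    readonly ConcurrentDictionary<string, IPushCallback> clients = new ConcurrentDictionary<string, IPushCallback>();

    public void Heartbeat(string clientId) {
        // The callback channel rides on the connection the client opened outbound.
        clients[clientId] = OperationContext.Current.GetCallbackChannel<IPushCallback>();
    }
    public void Push(string message) {
        foreach (var c in clients) {
            try { c.Value.Notify(message); }
            catch (Exception e) when (e is CommunicationException || e is TimeoutException || e is ObjectDisposedException) {
                IPushCallback dead; clients.TryRemove(c.Key, out dead); // connection gone; client must reconnect
            }
        }
    }
}
public class Client : IPushCallback { public void Notify(string m) { Console.WriteLine("pushed: " + m); } }

static class Program {
    static NetTcpBinding Binding() {
        // Default NetTcpBinding keeps transport security on. ReceiveTimeout is the session idle limit
        // (default 10 min), so it has to exceed the heartbeat interval or the channel faults between beats.
        return new NetTcpBinding { ReceiveTimeout = TimeSpan.FromMinutes(20) };
    }
    static void Main() {
        var address = "net.tcp://localhost:8090/push";   // assumed address for this self-hosted demo
        var service = new PushService();
        using (var host = new ServiceHost(service)) {
            host.AddServiceEndpoint(typeof(IPushService), Binding(), address);
            host.Open();
            var factory = new DuplexChannelFactory<IPushService>(new InstanceContext(new Client()), Binding(), new EndpointAddress(address));
            var proxy = factory.CreateChannel();
            proxy.Heartbeat("client-1");          // real client: repeat on a timer, recreate the channel if it faults
            System.Threading.Thread.Sleep(500);   // one-way call: let the service register the callback
            service.Push("sent over the client's own connection");
            Console.ReadLine();                   // keep the process alive so the callback can print
            factory.Close();
        }
    }
}
```

The `clientId` here is supplied by the caller, so any client could overwrite another's registration; a production service would key the dictionary on the authenticated identity from `ServiceSecurityContext.Current.PrimaryIdentity` instead.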
+1  A: 

I have not tried the scenario you speak of so I can't be too much help, sorry. If all you need to bypass is the client firewall you might want to check out this post.

Good luck.

smaclell
+1  A: 

Have you tried looking at: http://www.codeproject.com/KB/WCF/WCF_Duplex_UI_Threads.aspx

Can you provide examples of what you have already attempted? With details of firewalls etc, error messages?

If both client and server can be addressed directly and firewalls are not an issue, have you considered allowing clients to register a URL providing a supported contract? The server can then call this service whenever it needs to, without the need to establish a long-running (but mostly idle) connection; this avoids the need for heartbeating and can be made resilient across sessions\connections.

marcj
Yes, it does not work through a firewall.
Sire
+2  A: 

I've found a couple of solutions:

RemObjects: Commercial, active development, supports everything but does not seem to have all the more advanced features that GenuineChannels use.

DotNetRemoting: Commercial, seems good enough.

GenuineChannels: It uses remoting with a lot of nice added features, the most important one being it works through NATs without the need to open the client firewall. Unfortunately seems to be very dead, mails bounce and their site is infected by the "Virut" virus (!).

Another solution is to use streaming with IIS, according to this article: Keeping connections open in IIS

The client makes the first connection (http with IIS6, tcp with IIS7) to the server at port 80, the connection is then kept open with a streaming response that never ends.

I haven't had the time to experiment with this, and I haven't found a sample that says it specifically solves the firewall-problem, but here's an excellent sample that probably works: Streaming XML.

Sire
You have to be really careful when you keep connections open on IIS - you can run out of worker threads (and fast at that). I recommend you read up on IAsyncHttpHandler - and how to get the same functionality from WCF. At worst you might have to poll.
Jonathan C Dickinson
A: 

Have you tried this one? DuplexHttpBinding

It is using a smart polling technique encapsulated as a custom WCF binding. So it should work out of the box.

chenz
A: 

Hi,

You can make the following change on the client to access a duplex web service on a firewall-enabled client.

  • Set WebHttp option checked in Firewall -> Advanced -> Settings (of Network Connection Setting) -> Web Server (Http)
Rakesh Gunijan
Making a change in the customer's firewall is not an option. And they might have a hardware firewall in which case it fails anyway.
Sire