Proxy calls across a DMZ

Question

We need to determine a quick way for our web application deployed in a DMZ to communicate to our SQL server that lives in the protected network. Only port 80 is open and available, and no direct SQL traffic is allowed across the firewall.

So take the following simple system.

A web page (default.aspx) makes a call (string GetData()) that resides in an assembly (Simple.DLL). GetData() uses ADO.NET to open a connection, execute a SQL call, retrieve the data, and return the data to the caller.

However, since only port 80 is available and no SQL traffic is allowed, what could we do to accomplish our goal?

I believe a .NET remoting solution would work, and I have heard of an architecture where a remoting layer proxies the call from Simple.DLL in the DMZ to another Simple.DLL that runs on the protected side. The remoting layer handles the communication between the two DLL’s.

Can someone shed some light on how WCF/remoting can help us and how to get started with a solution?

Answer 1

I would simply host a WCF proxy service. (http://firewallhostaddress:80/MyDataz).

Inside the GetData method you would use the WCF proxy to get the data from the service. The WCF service inside the network would talk to the SQL server.

Am I missing something? Maybe later I could work up an example.

WCF Examples: http://msdn.microsoft.com/en-us/library/ms751514.aspx

I also recommend the book Programming WCF Services by Juval Lowy. http://www.amazon.com/Programming-WCF-Services-Juval-Lowy/dp/0596526997