I have a client and a server both written in .NET 3.5, so I've got no interoperability issues.

The server is fully accessible on port 443 (I'm hosting it so I can open other ports if needed)

The client is however less accessible. It's often behind a corporate firewall, or behind a NAT, or uses an http/https proxy to connect to the internet.

I need to establish an encrypted bidirectional communication between the client and the server.

The two bidirectional channels provided in WCF don't seem to do the trick:

  • NetTcpBinding doesn't seem to support http proxies (source)

  • WSDualHttpBinding requires that the client has a public URI that provides a callback endpoint for the service, which is unfortunately not the case here (source)

Can WCF establish this kind of encrypted bidirectional connection (silently using HTTPS tunneling if needed), without tuning the firewall/proxy settings on the client side?

A: 

Yes. You can use WSDualHttpBinding or NetTcpBinding.

WSDualHttpBinding won't work with a firewall, and NetTcpBinding won't work with a proxy. I edited the initial question to provide more details on those issues.
Brann
A: 

A reasonable firewall should allow this kind of behaviour. Since communication is initiated by the client, a stateful firewall will allow the communications channel to remain open, but only between the two well-known endpoints.

ZombieSheep
+1  A: 

You are looking for a technology called Comet (Wikipedia entry). If you Google "comet wcf" you'll find articles that should point you in the right direction.

Joel Lucsy
Indeed, what I'm looking for is a working WCF implementation of Comet. The existing ones (NetTcpBinding and WSDualHttpBinding) don't work in some proxy/firewall scenarios. I googled "comet wcf" but only found people seeking such an implementation, or trying to build one.
Brann
Joel Lucsy
This link describes what the NetTcpBinding does (it's indeed fine for bidirectional communication, as mentioned in my initial post). However, this channel doesn't seem to work well with proxies.
Brann
A: 

I found some interesting information here

Basically, one can edit the app.config file like this:

<system.net>
   <defaultProxy useDefaultCredentials="true">
      <proxy bypassonlocal="False" proxyaddress="http://gateway:8080" />
   </defaultProxy>
</system.net>

I'm not sure it works for NetTcpBinding, although the article claims it works for custom bindings. I'll give it a try and let you know what happened.

UPDATE: It doesn't work (the defaultProxy configuration works only for HTTP and HTTPS requests).

Brann
A: 

Hi Brann,

Have you got any solution for this? I have encountered the same situation as yours.

You should comment on my initial question rather than posting an 'answer', since your post is not really an answer...
Brann
A: 

I have a similar need, and I saw this article about the Comet-esque feature that they've provided for Silverlight 2 over WCF: Silverlight Polling Duplex.

I haven't tried it yet, but I'm thinking that the assembly built against the desktop runtime may include the client classes as well; if that's the case, then this may be usable outside of Silverlight.

Edit: I checked both assemblies and they both implement the same Bindings and Channels; it looks like the same code just built against the desktop framework, so you should be able to use the "Server" assembly in a desktop application.

joshperry
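
The Comet approach mentioned in the answers above boils down to long polling: the client only ever makes outbound HTTP(S) requests, and the server "pushes" by holding each request open until it has something to send. The sketch below is an added example, not code from any poster or from WCF; it runs both sides in one process using only .NET 3.5 classes. The class name, URL, port and message are constructed, and a non-elevated account may need a URL reservation before `HttpListener` will start.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Net;
using System.Text;
using System.Threading;
class LongPollDemo
{
    const string Url = "http://localhost:8089/poll/"; // constructed; real server: HTTPS on 443
    static readonly Queue<string> Outbox = new Queue<string>(); // server-to-client messages
    static void Serve(HttpListener listener)
    {
        while (true)
        {
            HttpListenerContext ctx = listener.GetContext();
            byte[] body = new byte[0];
            lock (Outbox)
            {   // Hold the request open until there is a message, or 5 s pass.
                if (Outbox.Count == 0) Monitor.Wait(Outbox, 5000);
                if (Outbox.Count > 0) body = Encoding.UTF8.GetBytes(Outbox.Dequeue());
            }
            if (body.Length == 0) ctx.Response.StatusCode = 204; // nothing yet
            ctx.Response.Close(body, true);
        }
    }
    static string Poll()
    {
        HttpWebRequest req = (HttpWebRequest)WebRequest.Create(Url);
        req.Timeout = 10000; // longer than the server's 5 s hold
        using (HttpWebResponse resp = (HttpWebResponse)req.GetResponse())
        using (StreamReader reader = new StreamReader(resp.GetResponseStream()))
            return resp.StatusCode == HttpStatusCode.NoContent ? null : reader.ReadToEnd();
    }
    static void Main()
    {
        HttpListener listener = new HttpListener();
        listener.Prefixes.Add(Url);
        listener.Start();
        ThreadPool.QueueUserWorkItem(delegate { Serve(listener); });
        ThreadPool.QueueUserWorkItem(delegate
        {   // One second later the server side has something to push.
            Thread.Sleep(1000);
            lock (Outbox) { Outbox.Enqueue("server push #1"); Monitor.Pulse(Outbox); }
        });
        string msg;
        while ((msg = Poll()) == null) { } // 204 means "nothing yet": poll again
        Console.WriteLine("client received: " + msg);
    }
}
```

Against a remote `https://` endpoint the same `HttpWebRequest` calls honour the `<defaultProxy>` settings shown earlier in the thread, which apply to HTTP and HTTPS requests.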