Tuesday, 12 July 2011

IIS Express and SSL

There's plenty about this, but still I got caught out for a while this afternoon...

When using IIS Express you can host a service expecting SSL. If you want to make calls into the local service, it looks like you do have to trust the default localhost cert installed for IIS Express (see inetmgr "Server Certificates"; this can be exported and imported into certmgr.msc).

See here for enabling SSL and a neat workaround for port numbers (IIS Express doesn't use 443 by default)

And Jon Simpson's nice post for sending client credentials to a service which then uses ASP.NET authentication


Update: Another way (but not that safe) is to ignore the local cert trust issue in the client by adding this (in VB in this example)

System.Net.ServicePointManager.ServerCertificateValidationCallback = New System.Net.Security.RemoteCertificateValidationCallback(Function() True)
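A narrower alternative to the accept-everything callback above, added here as an example and not taken from the original post: it tolerates an untrusted chain only for loopback requests that present one pinned development certificate, and only in debug builds. The module and function names are hypothetical, the thumbprint is a placeholder to replace with your own IIS Express certificate's value, and it assumes the client goes through HttpWebRequest so that `sender` is the request object.

```vbnet
Imports System
Imports System.Net
Imports System.Net.Security
Imports System.Security.Cryptography.X509Certificates

Module DevCertPinning

    ' Placeholder (assumption): thumbprint of the local IIS Express certificate,
    ' copied from the certificate's Details tab. Replace with your own value.
    Private Const DevCertThumbprint As String = "0000000000000000000000000000000000000000"

    ' Accept a certificate when the platform already trusts it, or when it is
    ' exactly the pinned development certificate presented by a loopback host.
    Function ValidateServerCertificate(sender As Object,
                                       certificate As X509Certificate,
                                       chain As X509Chain,
                                       errors As SslPolicyErrors) As Boolean
        If errors = SslPolicyErrors.None Then Return True
        If certificate Is Nothing Then Return False

        ' Only relax validation for requests to the local machine.
        Dim request As HttpWebRequest = TryCast(sender, HttpWebRequest)
        If request Is Nothing OrElse Not request.RequestUri.IsLoopback Then Return False

        ' The only tolerated failure is an untrusted chain; a name mismatch
        ' or a missing certificate is still rejected.
        If errors <> SslPolicyErrors.RemoteCertificateChainErrors Then Return False

        ' Compare the presented certificate with the pinned thumbprint.
        Dim presented As New X509Certificate2(certificate)
        Return String.Equals(presented.Thumbprint, DevCertThumbprint,
                             StringComparison.OrdinalIgnoreCase)
    End Function

    Sub Main()
#If DEBUG Then
        ' Register the pinned check in debug builds only; release builds keep
        ' the default certificate validation.
        ServicePointManager.ServerCertificateValidationCallback =
            AddressOf ValidateServerCertificate
#End If
    End Sub

End Module
```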




Sunday, 3 July 2011

TCP Relay Binding (azure / service bus)

The Azure Service Bus has 3 modes of operation: TCP, HTTP and auto-detect (correction: TCP is the default)... This initially confused me; we were testing a simple scenario hosting a service on-premise and invoking it from the cloud via the service bus and relay. We need TCP but were expecting the connection to be refused as the ports were not yet open.
Whilst our firewall logs showed the TCP connection was refused as expected, the connection was then established over HTTP.
Because we need TCP in our scenario, we're going to need to configure the service bus system connectivity mode to TCP (and not the default auto-detect).

You can do this in the global.asax

ServiceBusEnvironment.SystemConnectivity.Mode = ConnectivityMode.Tcp;


(At time of writing this will avoid a ping to the MS watchdog address when the service starts)


If you're hosting in WCF and can't add global.asax, then add a custom service behaviour extension

If you have a requirement to authenticate client credentials, check out this post, which explains how to configure the service to flow client credentials from caller to service, where a custom password validator component (very easy to write) can be configured to provide the validation

IIS hosted service "warm up" or "auto start"

The beta extension for IIS has been removed; so far as I can see, the other option is calling the service method manually (script) or using the built-in feature of "Windows Server AppFabric" if hosting for WF/WCF


The reason for looking? If you have a service acting as an on-premise end point to be called from a cloud service via the service bus using a relay-binding, that on-premise end point needs to be active (I won't say listening because it's not exactly).