I realize this is a very big question. Just looking for a starting point.
I would like to securely expose an existing WCF service hosted by IIS to another ASP.NET client application outside the corporate network. The client application would NOT be VPN'd. What are my options here?
You can secure a WCF service with SSL, and Authentication, either by IIS or manage sessions with the WCF Service. The SSL would be a must in my opinion, so you know the traffic outside the network is secure to the device communicating with the service. Then
maintain some type of authentication.
I would like to securely expose an existing WCF service hosted by IIS to another ASP.NET client application outside the corporate network. The client application would NOT be VPN'd. What are my options here?
These are very high level steps, and you should seek the assistance of the IIS or TechNet forums for the server configurations and setup.
1. Have a server set up as a DMZ server that is exposed outside of your companies / businesses firewall that is exposed to internet traffic. This is where you will host your service in IIS (or even Windows Service). Securing that server and keeping it up
to date is outside the real of software engineering.
2. Obtain a SSL certificate and matching domain (GoDaddy is a good sugestion for this) for your service to change the IP it is hosted on the IIS server to a known domian lookup address. (i.e. https://www.mywcfservice.mycompany.com/Services/MyEndpoint) This
will be the address you will provide to external clients.
3. Since your client is a .NET client (ASP.NET), this keeps the door open for both SOAP or RESTful services. Choose which ever works best for you. If you decide to do a restful service, the following links might help a bit:
boggyboy
Member
42 Points
40 Posts
How to expose WCF services to Internet
Jul 09, 2012 09:58 PM|LINK
I realize this is a very big question. Just looking for a starting point.
I would like to securely expose an existing WCF service hosted by IIS to another ASP.NET client application outside the corporate network. The client application would NOT be VPN'd. What are my options here?
Where should I begin to look for guidance?
N_EvilScott
Star
8179 Points
1466 Posts
Re: How to expose WCF services to Internet
Jul 09, 2012 10:22 PM|LINK
You can secure a WCF service with SSL, and Authentication, either by IIS or manage sessions with the WCF Service. The SSL would be a must in my opinion, so you know the traffic outside the network is secure to the device communicating with the service. Then maintain some type of authentication.
BrockAllen
All-Star
27512 Points
4895 Posts
MVP
Re: How to expose WCF services to Internet
Jul 10, 2012 12:00 AM|LINK
Arguably SSL within the firewall is also a must :)
DevelopMentor | http://www.develop.com
thinktecture | http://www.thinktecture.com/
atconway
All-Star
16846 Points
2756 Posts
Re: How to expose WCF services to Internet
Jul 11, 2012 06:11 PM|LINK
These are very high level steps, and you should seek the assistance of the IIS or TechNet forums for the server configurations and setup.
1. Have a server set up as a DMZ server that is exposed outside of your companies / businesses firewall that is exposed to internet traffic. This is where you will host your service in IIS (or even Windows Service). Securing that server and keeping it up to date is outside the real of software engineering.
2. Obtain a SSL certificate and matching domain (GoDaddy is a good sugestion for this) for your service to change the IP it is hosted on the IIS server to a known domian lookup address. (i.e. https://www.mywcfservice.mycompany.com/Services/MyEndpoint) This will be the address you will provide to external clients.
3. Since your client is a .NET client (ASP.NET), this keeps the door open for both SOAP or RESTful services. Choose which ever works best for you. If you decide to do a restful service, the following links might help a bit:
Creating a WCF RESTful Service And Secure It Using HTTPS Over SSL:
http://allen-conway-dotnet.blogspot.com/2012/05/creating-wcf-restful-service-and-secure.html
RESTful Services: Authenticating Clients Using Basic Authentication:
http://allen-conway-dotnet.blogspot.com/2012/06/restful-services-authenticating-clients.html
Using Basic Authentication In REST Based Services Hosted in IIS:
http://allen-conway-dotnet.blogspot.com/2012/07/using-basic-authentication-in-rest.html