Web Hosting

Girish Phadke in this paper explains the various steps in involved in securely hosting and deploying a WCF service. He starts with a discussion on the various criteria used to select an appropriate WCF service host, service bindings and the options available for choosing and provisioning a WCF service account. He examines the merits and demerits of using impersonation in a WCF service along with the different mechanisms available to implement it. He goes on to discuss the common attack vectors in a WCF service and finally examines the provisioning that is required on the infrastructure resources such as File System, MSMQ, Event Log etc. to enable a WCF service to run successfully.

Before a WCF service can be deployed in a production environment, typically there are a number of decisions that need to be made. Such decisions range from selecting an appropriate host for the WCF service, selecting a binding for the WCF service, selecting and provisioning a service account, securing the service against the various attack vectors to provisioning the requisite infrastructure resources for the WCF service.

Selecting a Service Host

WCF Service has to be hosted in a Service Host before it can be deployed and used. A Service Host typically provides the execution environment for the WCF service code. Different Service hosts provide a range of features for service deployment such as:

· Enabling a WCF Service to be exposed to the clients over various wire protocols such as HTTP, HTTPS, TCP, MSMQ, Named Pipe etc.

· Providing a security context for the execution of the WCF Service

· Providing on-demand message based activation of the WCF Service

· Providing a mechanism to configure the WCF Service

· Providing a mechanism to monitor the statistics and health of the WCF service

· Providing rapid fail protection

· Providing process management features such as IdleTimeout, Shutdown and StartupTimelimit

· Providing the necessary tools for WCF Service Management

A WCF service can be hosted in the following types of hosts:

Managed Application / Self Host

A .NET managed application can host a WCF service by creating an instance of ServiceHost class. ServiceHost class is part of the System.ServiceModel namespace. Hosting a WCF Service in a managed application is also sometimes referred to as Self Hosting. Some of the examples of managed applications hosting a WCF Service are Console, Windows Forms and WPF applications.

Self Hosting is very useful during the development and testing of applications but is rarely deployed in production scenarios. Self Hosting can also be used to support disconnected scenarios where a service agent invokes a locally self hosted service when the application is in disconnected mode. In Self Hosting, the Service Host has to be instantiated at the time of the managed application startup and closed before the managed application shutdown. The Service Host in a managed application can be configured via App.Config file for service host base address and various end points. Managed application acting as a service host does not provide features like message based activation, mechanism to monitor service health or service host resources or recycling of the service host process upon detection of error conditions.

The security context for the Self Hosted WCF service is the identity under which the managed application runs.

A WCF Service hosted in a managed application can be exposed over TCP, HTTP, HTTPS, Named Pipe and MSMQ protocols.

The following code sample is an example of WCF Service being hosted in a managed application and the service host is initialized declaratively via App.Config file:

Using(ServiceHost serviceHost = new ServiceHost(typeof(CalculatorService)))

{

//Open the Service Host to start receiving messages

serviceHost.Open();

// The service is now ready to accept requests

…..

…..

// Close the ServiceHost to shutdown the service.

serviceHost.Close();

}

Code Sample 1: Creating a Service Host in a Managed Application

The base address and the endpoints for the service host have to be configured in the sub section of the section of the App.Config as shown below:

name="SecureHosting.Samples.CalculatorService"

behaviorConfiguration="CalculatorServiceBehavior">

binding="wsHttpBinding"

contract="SecureHosting.Samples.ICalculator" />

binding="mexHttpBinding"

contract="IMetadataExchange" />

Code Sample 2: App.Config for Declaratively Configuring a Service Host in a Managed Application

Alternatively, the base address and the service endpoints can be configured programmatically instead of App.Config file as shown in the code sample below:

// Create a ServiceHost for the CalculatorService type.

using (ServiceHost serviceHost =

new ServiceHost(typeof(CalculatorService),new

Uri("http://localhost:9000/SecureHostingSamples/service")))

{

//Configure the service with an end point

serviceHost.AddServiceEndpoint(typeof(ICalculator),

new WSHttpBinding(), "");

// Open the ServiceHost to start receiving messages

serviceHost.Open();

….

….

….

//Close the service host to shutdown the service

serviceHost.Close ();

}

Code Sample 3: Configuring a Service Host Programmatically in a Managed Application

Managed Windows Service

A managed windows service can host a WCF service. In this mode of hosting, one of the ways to create the Service Host programmatically is to leverage the the OnStart event of the Windows Service. The Service Host can be closed during the OnStop event. The Windows Service that acts as a Service Host for a WCF Service inherits from the ServiceBase as well the WCF Service Contract interface. Unlike the self hosted applications, Windows Service provides the facility to manage the lifecycle of the service via the Service Control Manager (SCM) console but Windows Service Host does not provide a message based activation. The Windows Service also implements an installer class that inherits from the System.Configuration.Install.Installer class. This allows the Windows Service to be installed via the Installutil tool. The security context (service account for the Windows Service) for the WCF Service hosted in a Windows Service is configured via the installer class with the help of ServiceProcessInstaller class. SCM tool can be used later to maintain this service account for the Windows Service.

The Windows Service as a Service Host is a good option for WCF Services that implement long running processes. The WCF Service in this case can be managed via the SCM tool and is restarted automatically in case of a failure. A WCF Service hosted in a Managed Windows Service can be exposed over TCP, HTTP, HTTPS, Named Pipe and MSMQ protocols.

The following code sample is an example of WCF Service being hosted in a Managed Windows Service and the Service Host is initialized declaratively via App.Config file.

public class CalculatorService : ServiceBase, ICalculator

{

public ServiceHost serviceHost = null;

public static void Main()

{

ServiceBase.Run(new CalculatorService());

}

public CalculatorService()

{

ServiceName = "WCFWindowsCalculatorService";

}

//Start the Windows service.

protected override void OnStart(string[] args)

{

if (serviceHost != null)

{

serviceHost.Close();

}

// Create a ServiceHost for the Service

serviceHost = new ServiceHost(typeof(CalculatorService));

// Start Listening for the Messages

serviceHost.Open();

}

//Stop the Windows Service

protected override void OnStop()

{

if (serviceHost != null)

{

serviceHost.Close();

serviceHost = null;

}

}

}

Code Sample 4: Creating a Service Host in a Managed Application

Similar to a self hosted application, the Service Host in a managed service can be configured either via the App.Config file or programmatically in the OnStart method of the Windows Service.

IIS

The IIS hosting option (IIS 5.1, IIS 6.0 and IIS 7.0) allows the WCF Services to be hosted in the App Domains inside the ASP.NET worker process. IIS forwards the requests received for a WCF Service to the ASP.NET worker process. IIS supports message based activation. The Service instance is created only after receiving the first message. Hosting a WCF Service in IIS allows us to leverage features such as service configuration, service management, process health monitoring, idle time shutdown and worker process recycling. However when hosted in IIS (IIS 5.1 and IIS 6.0), only HTTP or HTTPS transport can be supported for the WCF Service. On Windows Server 2003, IIS hosting should be considered as the preferred option for deploying WCF services in production when the service has to be exposed over the HTTP or HTTPs protocols.

The security context for the WCF Service hosted inside the ASP.NET worker process is provided by the service account under which the worker process runs.

Hosting a WCF Service in IIS requires creation of a .SVC file besides a WCF Service implementation. No specific Service Hosting code is required to be written unless a custom service host needs to be created via System.ServiceModel.Activation.ServiceHostFactory class. Virtual Applications are created and dlls and sources are deployed to the physical path associated with the virtual application. Virtual Directory are the default container whose physical path contain the resources. The configuration for the service endpoints has to be defined in the Web.Config.

The following code sample depicts a .SVC file that allows the WCF Calculator Service to be hosted in IIS.

<%@ServiceHost language=c# Debug="true" Service="SecureHosting.Samples.CalculatorService" %>

Code Sample 5: SVC File for Hosting WCF Service in IIS

The following code sample depicts the section of the Web.Config file that is used to configure the WCF Calculator Service end points:

behaviorConfiguration="CalculatorServiceBehavior">

binding="wsHttpBinding"

contract="SecureHosting.Samples.ICalculator" />

binding="mexHttpBinding"

contract="IMetadataExchange" />

Code Sample 6: Web.Config File for Hosting WCF Service in IIS

WAS

Windows Process Activation Service (WAS) is a new process activation feature available on Windows Longhorn Server and Windows Vista. WAS enables IIS 7.0 to leverage message based activation for protocols such as TCP, MSMQ and Named Pipes in addition to the HTTP protocol. This provides all the benefits of IIS hosting such as message based activation, service configuration, service management, process health monitoring, idle time shutdown and worker process recycling. Additionally WAS removes the limitation associated IIS (IIS 5.1 and IIS 6.0) service hosting that only HTTP transport can be supported. WAS along with IIS 7.0 allows applications that need to use the TCP, MSMQ and Named Pipe protocols to take advantage of the IIS hosting features.

Service deployment process for IIS 7.0/WAS is same as discussed earlier for IIS host. However, the web sites need to be configured via the APPCMD utility to support non HTTP protocols. The following code sample illustrates the configuration of the default site for TCP, MSMQ and Named Pipe protocols: (You must start the command shell in “Run as Administrator” mode.)

%windir%\system32\inetsrv\appcmd.exe set site "Default Web Site" -+bindings.[protocol='net.tcp',bindingInformation='808:*']

%windir%\system32\inetsrv\appcmd.exe set site "Default Web Site" -+bindings.[protocol='net.msmq',bindingInformation='*']

%windir%\system32\inetsrv\appcmd.exe set site "Default Web Site" -+bindings.[protocol='net.pipe',bindingInformation='*']

Code Sample 7: Configuring Web Sites for enabling WAS for non HTTP Protocols

After running the above command, APPCMD tool updates the configuration file for WAS ApplicationHost.Config:

system.applicationHost>

bindingInformation="*:80:" />

bindingInformation="*" />

bindingInformation="808:*" />

bindingInformation="*" />

Code Sample 8: ApplicationHost.Config file for WAS

In order to enable the TCP protocol (in addition to the HTTP protocol) for the “SecureHostingSamples” application, the following command should be run from an administrator shell:

%windir%\system32\inetsrv\appcmd.exe set app "Default Web Site/securehostingsamples" /enabledProtocols:http,net.tcp

Code Sample 9: Configuring Applications for enabling WAS for TCP and HTTP Protocols

Criteria for Choosing a WCF Service Host

Depending upon the target deployment platform and the protocols to be support by the WCF Service, the following criteria can be used for choosing a Service Host:

· On Windows Longhorn Server, IIS 7.0 along with WAS should be used to host the WCF services that need to support the HTTP, TCP, MSMQ and Named Pipe protocols.

· On Windows Server 2003, IIS 6.0 should be used to host WCF services that need to be exposed over HTTP protocol. Managed Windows Service can be used in the production environment as a Service Host when the WCF Service has to support protocols like TCP, MSMQ and Named Pipe.

· On Windows Vista, IIS 7.0 along with WAS should be used to host the WCF Services that need to support HTTP, TCP, MSMQ and Named Pipe protocols. Self hosting can be used for development environment or to support disconnected mode.

· On Windows XP, IIS 5.1 should be used to host the WCF services that need to be exposed over HTTP protocol. Windows Service can be used as a Service Host when the WCF Service has to support protocols like TCP, MSMQ and Named Pipe. Self hosting can be used for development environment or to support disconnected mode.

http://msdn.microsoft.com/en-us/library/bb875951%28BTS.10%29.aspx