Reverse-VPN-like connectivity

Hi Albert, Thanks for the info. Providing internet addressable address is good idea - I will check with the team about it :thumbsup: Web service on AS1 does require authentication, but it must be Windows authentication of Network-A for that user!. In case of any other possibility or possible blockades that we might face, do let me know :)

Hi, Scenario: There are two isolated networks A and B with systems and applications (all Windows environment) Network A - Client AC1 - Server AS1 Network B - Server BS1 "AC1" initiates a VPN-like connection and connects to Network B. "AC1" then connects to a web application hosted on "BS1" "BS1" in turn needs to connect to a Web Service hosted in "AS1" using Network A credentials of user on "AC1". Is this possible? What do we need to ask the Network team of A and B to do in order to achieve this? Thanks in advance.

Hi, Scenario: Windows forms application is the client talking to a WCF service exchanging sensitive data in both directions 1. Transport Security • SSL using server certificate with Anonymous client authentication - is encryption of message optional? o What ensures that the message is definitely encrypted? o Symmetric key is negotiated for message encryption, but what controls the strength of this key 128-bit / 256-bit etc.? • If an additional layer of custom encryption/decryption logic is implemented along with SSL, specifically for message security, are there any drawbacks? 2. Message Security • When message security is enabled over HTTP (no SSL) and a server certificate is provided in the configurations, how is the message encrypted/decrypted - with what key and how is the key exchanged? • When message security is enabled over HTTPS (with SSL certificate) is the encryption/decryption happening twice? o Is it possible to configure an Anonymous client (no client certificate/authentication) in this scenario? o Is it possible to configure different certificates for SSL negotiation and for message encryption/decryption? o What key used for message encryption - same as SSL negotiated key or new key based on the provided certificate? 3. SSL Server Certificate Validation by client • By default, client validates the certificate during initial handshake - what all information of the certificate, exactly are validated and what are not validated? This validation is done by whom – .NET framework on the client or the OS itself? o How different is this validation, from X509Certificate2.Verify() method call on the certificate, if done explicitly? • In client code, if the callback to ServicePointManager.ServerCertificateValidationCallback delegate is registered, does this method get called before or after the automatic validation of server certificate? Thanks in advance for your help.

Please advice on which rule has been violated and what else should be done. [Edit] My bad! I see there is WCF group under general programming! Sorry!

Hi, Scenario: Windows forms application is the client talking to a WCF service exchanging sensitive data in both directions 1. Transport Security • SSL using server certificate with Anonymous client authentication - is encryption of message optional? o What ensures that the message is definitely encrypted? o Symmetric key is negotiated for message encryption, but what controls the strength of this key 128-bit / 256-bit etc.? • If an additional layer of custom encryption/decryption logic is implemented along with SSL, specifically for message security, are there any drawbacks? 2. Message Security • When message security is enabled over HTTP (no SSL) and a server certificate is provided in the configurations, how is the message encrypted/decrypted - with what key and how is the key exchanged? • When message security is enabled over HTTPS (with SSL certificate) is the encryption/decryption happening twice? o Is it possible to configure an Anonymous client (no client certificate/authentication) in this scenario? o Is it possible to configure different certificates for SSL negotiation and for message encryption/decryption? o What key used for message encryption - same as SSL negotiated key or new key based on the provided certificate? 3. SSL Server Certificate Validation by client • By default, client validates the certificate during initial handshake - what all information of the certificate, exactly are validated and what are not validated? This validation is done by whom – .NET framework on the client or the OS itself? o How different is this validation, from X509Certificate2.Verify() method call on the certificate, if done explicitly? • In client code, if the callback to ServicePointManager.ServerCertificateValidationCallback delegate is registered, does this method get called before or after the automatic validation of server certificate? Thanks in advance for your help.

While providing an architectural solution proposal, what do I need to include under section - "Dimensioning & Configuration"? Specific example for ASP.NET + SQLServer scenario would be helpful. Thanks in advance!

Thanks Keld Ølykke! I got the overall idea, but I will need to read up on these two patterns and think of the solution (pros & cons). Also the "common execution platform" itself might need a little more thinking ( for amateur like me at least :) )

Technical Details: .NET Framework 4.0 (C#) Windows Server 2008 Requirement: 1. Polling a local folder for files 2. Polling a Message Queue for messages 3. Polling a FTP folder for files 4. Polling a SMTP server for mails We need a single architecture that can be easily extended and also independently maintained for different requirements. For example if we need to add a new mail server to be monitored, we would just add an entry (with sufficient details) in a config-like file and the system should ideally pick the config entry and start polling for that. Another example to stop a single polling instance, it should be sufficient to just remove the entry from the config-like file. Whenever polling succeeds, i.e. if a new mail is received, a new file is found in a folder, etc. the system should be able to instantiate a new controled thread to process the item in question. It is a complex requirement for me to decide on an architecture solution to this. Would be thankful all who can provide possible solutions along with pros & cons of the same. Thanks in advance.

Thanks to Anonymous poster at some Blogger.com site... --- Just in case someone stumbles across this post searching for a way to disable the AutoScroll behavior of scrolling to the focused control, the cleanest solution is provided in .NET 2.0: There is an overrideable ScrollToControl method in the ScrollableControl now. Replace the call to the base class implementation to return DisplayRectangle.Location and problem solved. protected override Point ScrollToControl(Control activeControl) { return DisplayRectangle.Location; } --- Hope it helps. - Erpizn13