asp.net - WCF 服务的内部终结点不适用于 Azure Web 角色

Question

我有两个 Web 角色，其中一个运行由 3 个与 net.tcp 连接的 WCF 服务组成的服务层，每个服务都部署为端口 808、810 和 811 上的网站。

现在我希望服务层仅对我的其他 Web 角色开放。

因此，我尝试将其中一个服务端点设为内部，并为我的前端 Web 角色提供访问权限。

像这样:

<ServiceDefinition name="MagnusAzureCloudService" xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceDefinition" schemaVersion="2015-04.2.6">
<WebRole name="Core.Services" vmsize="Small">
<Runtime executionContext="elevated" />
<Startup>
<Task commandLine="Startup/startup.cmd" executionContext="elevated" taskType="background" />
</Startup>
<Sites>
<Site name="Core" physicalDirectory="C:\CoreServices">
<Bindings>
<Binding name="Endpoint1" endpointName="Endpoint1" />
</Bindings>
</Site>
<Site name="Store" physicalDirectory="C:\StoreServices">
<Bindings>
<Binding name="Endpoint3" endpointName="Endpoint3" />
</Bindings>
</Site>
<Site name="Users" physicalDirectory="C:\UserServices">
<Bindings>
<Binding name="Endpoint4" endpointName="Endpoint4" />
</Bindings>
</Site>
</Sites>
<ConfigurationSettings>
<Setting name="Microsoft.WindowsAzure.Plugins.Diagnostics.ConnectionString" />
</ConfigurationSettings>
<Endpoints>
<InputEndpoint name="Endpoint1" protocol="http" port="8282" />
<InputEndpoint name="Endpoint3" protocol="http" port="81" />
<InputEndpoint name="Endpoint4" protocol="http" port="8181" />
<InputEndpoint name="Endpoint2" protocol="tcp" port="808" localPort="808" />
<InputEndpoint name="Endpoint5" protocol="tcp" port="810" localPort="810" />
<InternalEndpoint name="Endpoint6" protocol="tcp" port="811" />
</Endpoints>
<Certificates>
</Certificates>
<Imports>
<Import moduleName="RemoteAccess" />
<Import moduleName="RemoteForwarder" />
</Imports>
</WebRole>
<WebRole name="UIWeb" vmsize="Small">
<Runtime executionContext="elevated" />
<Startup>
<Task commandLine="Startup/startup.cmd" executionContext="elevated" taskType="background" />
</Startup>
<Sites>
<Site name="Web">
<Bindings>
<Binding name="Endpoint1" endpointName="Endpoint1" />
</Bindings>
</Site>
</Sites>
<ConfigurationSettings>
<Setting name="Microsoft.WindowsAzure.Plugins.Diagnostics.ConnectionString" />
</ConfigurationSettings>
<Endpoints>
<InputEndpoint name="Endpoint1" protocol="http" port="80" />
</Endpoints>
<Imports>
<Import moduleName="RemoteAccess" />
</Imports>
</WebRole>
<NetworkTrafficRules>
<OnlyAllowTrafficTo>
<Destinations>
<RoleEndpoint endpointName="Endpoint6" roleName="Core.Services" />
</Destinations>
<WhenSource matches="AnyRule">
<FromRole roleName="UIWeb"/>
</WhenSource>
</OnlyAllowTrafficTo>
</NetworkTrafficRules>
</ServiceDefinition>

但是当尝试 UserService 时，它​​似乎超时了。

Server Error in '/' Application.

Connecting to via net.tcp://myservicename.cloudapp.net:811/UserTypeService.svc timed out after 00:00:00. Connection attempts were made to 0 of 1 available addresses (). Check the RemoteAddress of your channel and verify that the DNS records for this endpoint correspond to valid IP Addresses. The time allotted to this operation may have been a portion of a longer timeout.

我也尝试过设置<AllowAllTraffic/>而不是<WhenSource ...>但这没有任何效果。

第二次尝试:经过一些反馈后，我尝试了一些变化来设置 FixedPort和PortRange调用811并听角色port="*" 。

<InternalEndpoint name="Endpoint6" protocol="tcp" port="*" >
      <FixedPortRange min="811" max="811"></FixedPortRange>
  </InternalEndpoint>

我像之前的尝试一样保留了 NetworkTrafficRules。

我还添加了以下代码以确保存在动态端口的监听器。在我的 WebRole.cs 文件中:

    public class WebRole : RoleEntryPoint
{
    /// <summary>
    /// 
    /// </summary>
    /// <returns></returns>
    public override bool OnStart()
    {
        Trace.TraceInformation("OnStart method called. Updating information on IIS.");

        try
        {
            // Initialize method-wide variables
            var epName = "Endpoint6";
            var roleInstance = RoleEnvironment.CurrentRoleInstance;

            // Identify direct communication port
            var myPublicEp = roleInstance.InstanceEndpoints[epName].PublicIPEndpoint;
            Trace.TraceInformation("IP:{0}, Port:{1}", myPublicEp.Address, myPublicEp.Port);

            // Identify public endpoint
            var myInternalEp = roleInstance.InstanceEndpoints[epName].IPEndpoint;

            // Create socket listener
            var listener = new Socket(
              myInternalEp.AddressFamily, SocketType.Stream, ProtocolType.Tcp);

            // Bind socket listener to internal endpoint and listen
            listener.Bind(myInternalEp);
            listener.Listen(10);
            Trace.TraceInformation("Listening on IP:{0},Port: {1}",
              myInternalEp.Address, myInternalEp.Port);

            while (true)
            {
                // Block the thread and wait for a client request
                Socket handler = listener.Accept();
                Trace.TraceInformation("Client request received.");

                // Define body of socket handler
                var handlerThread = new Thread(
                  new ParameterizedThreadStart(h =>
                  {
                      var socket = h as Socket;
                      Trace.TraceInformation("Local:{0} Remote{1}",
              socket.LocalEndPoint, socket.RemoteEndPoint);

                      // Shut down and close socket
                      socket.Shutdown(SocketShutdown.Both);
                      socket.Close();
                  }
                ));

                // Start socket handler on new thread
                handlerThread.Start(handler);
            }
        }
        catch (Exception e)
        {
            Trace.TraceError("Caught exception in run. Details: {0}", e);
        }
        // Set the maximum number of concurrent connections 
        ServicePointManager.DefaultConnectionLimit = 12;

        return base.OnStart();
    }
}

另一个注意事项是，调用服务使用端口 811 来查找正确的服务，因为该服务运行三个不同的 WCF 项目站点。我调用的服务也使用指定的端口号，我认为如果它突然变成动态的，这可能会成为问题。调用服务如下所示:

<endpoint address="net.tcp://myservicename.cloudapp.net:811/UserTypeService.svc"
      behaviorConfiguration="ClientContextEndpointBehavior" binding="netTcpBinding"
      bindingConfiguration="NetTcpBinding_FrameworkService" contract="Users.Services.IPersonTypeService"
      name="Tcp">
    <identity>
      <dns value="The Certificate Name" />
    </identity>
  </endpoint>

在接收(内部)WebRole 站点上，我有以下类型的配置。

<service name="Core.Services.Logging.LoggingService" behaviorConfiguration="coreServiceBehavior">
<endpoint address="net.tcp://localhost:808/LoggingService.svc" 
              behaviorConfiguration="ContextEndpointBehavior" 
              binding="netTcpBinding"
              bindingConfiguration="NetTcpBinding1" 
              contract="Core.Logging.ILoggingService">
      <identity>
        <dns value="The Certificate Name" />
      </identity>
    </endpoint>

以及端口 811 上的另一个 WCF 站点:

<service name="Users.Services.PersonTypeService">
<endpoint address="net.tcp://localhost:811/UserTypeService.svc" binding="netTcpBinding" bindingConfiguration="NetTcpServiceBinding1" behaviorConfiguration="ServerContextEndpointBehavior" contract="Users.Services.IUserTypeService">
  <identity>
    <dns value="The Certificate Name" />
  </identity>
</endpoint>

<endpoint address="mex" binding="mexTcpBinding" kind="mexEndpoint">
  <identity>
    <dns value="localhost" />
  </identity>
</endpoint>

Answer 1

您可以使用内部端点 IP 地址而不是外部地址。这是一个例子:

foreach (RoleInstance roleInst in RoleEnvironment.CurrentRoleInstance.Role.Instances)
{
    // Skip local role instance
    if (RoleEnvironment.CurrentRoleInstance.Id == roleInst.Id) continue;

    if (roleInst.Role.Name == "My Cool Role")
    {
        foreach (RoleInstanceEndpoint roleInstEndpoint in roleInst.InstanceEndpoints.Values)
        {
            // Get endpoint address using the internal endpoint's IP address
            if (roleInstEndpoint.Protocol == "tcp")
                SendRequest(roleInstEndpoint.IPEndpoint.Address.ToString(), command);

        }
    }
}