Skip to main content

Windows Azure Service Bus: Unable to use Transport protection with Hybrid mode

One of the nice features of Windows Azure Service Bus is the ability to expose an internal WCF service through Azure without any extra configuration on the firewall/network level. This means that a user connects to your service through the Azure Service Bus.

Relay Concepts

You can even take this one step further and change the relay binding to ‘Hybrid’ mode. This means that the Azure Service Bus tries to ‘upgrade’ the connection to a peer to peer connection between the client and the WCF service without going through the Azure Service Bus anymore. This sounds like a little bit of magic, and it actually is(at least for me).

Configuring this can be done through the connectionMode property on the binding element:

  • Relayed (default): All communication is relayed through the relay service. The SSL-protected control connection is used to negotiate a relayed end-to-end socket connection that all communication flows through. Once the connection is established the relay service behaves as a socket forwarder proxy relaying a bi-directional byte stream.
  • Hybrid: The initial communication is relayed through the relay service infrastructure while the client/service negotiate a direct socket connection to each other. The coordination of this direct connection is governed by the relay service. The direct socket connection algorithm can establish direct connections between two parties that sit behind opposing firewalls and NAT devices. The algorithm uses only outbound connections for firewall traversal and relies on a mutual port prediction algorithm for NAT traversal. Once a direct connection can be established the relayed connection is automatically upgraded to a direct connection without message or data loss. If the direct connection cannot be established, data will continue to flow through the relay service as usual.

So let’s enable this functionality  by changing the connectionMode on the RelayBinding to Hybrid:

However after doing this, the following exception occurred when running the application:

“Invalid configuration. Unable to use transport protection with Hybrid mode.”

clip_image002

This exception is thrown if you try to setup transport security when using hybrid connection mode. The simples solution is to disable transport security which is by default enabled:

Popular posts from this blog

DevToys–A swiss army knife for developers

As a developer there are a lot of small tasks you need to do as part of your coding, debugging and testing activities.  DevToys is an offline windows app that tries to help you with these tasks. Instead of using different websites you get a fully offline experience offering help for a large list of tasks. Many tools are available. Here is the current list: Converters JSON <> YAML Timestamp Number Base Cron Parser Encoders / Decoders HTML URL Base64 Text & Image GZip JWT Decoder Formatters JSON SQL XML Generators Hash (MD5, SHA1, SHA256, SHA512) UUID 1 and 4 Lorem Ipsum Checksum Text Escape / Unescape Inspector & Case Converter Regex Tester Text Comparer XML Validator Markdown Preview Graphic Color B

Help! I accidently enabled HSTS–on localhost

I ran into an issue after accidently enabling HSTS for a website on localhost. This was not an issue for the original website that was running in IIS and had a certificate configured. But when I tried to run an Angular app a little bit later on http://localhost:4200 the browser redirected me immediately to https://localhost . Whoops! That was not what I wanted in this case. To fix it, you need to go the network settings of your browser, there are available at: chrome://net-internals/#hsts edge://net-internals/#hsts brave://net-internals/#hsts Enter ‘localhost’ in the domain textbox under the Delete domain security policies section and hit Delete . That should do the trick…

Azure DevOps/ GitHub emoji

I’m really bad at remembering emoji’s. So here is cheat sheet with all emoji’s that can be used in tools that support the github emoji markdown markup: All credits go to rcaviers who created this list.