InfiniTec - Henning Krauses Blog

Don't adjust your mind - it's reality that is malfunctioning

Push notifications with WCF – Security considerations

This is the third article about the .NET component I published at CodePlex recently. To all related articles, click here.

The PushNotificationListener I created for that component uses a WCF endpoint to receive notifications. This means that it needs to open an TCP endpoint of some sort. Thanks to WCF, all the hard stuff is done by the WCF infrastructure. There are, however, two issues which must be resolved before you can receive notifications from your Exchange Server: The Windows Firewall, which blocks all incoming traffic by default and the WCF permission system. To deal with the former, you need to setup an exception for a specific port or for your executable. If you are using Windows Installer Xml, you can use the Firewall Extension to create such an exception during the setup of your application. If you want to do this directly from your application, you will need administrative rights and perform some interop stuff (see the links at the end of the article).

To open an WCF endpoint, you need administrative permissions too, by default. Because this is a very nasty requirement, the system allows you to create so-called reservations which can be tied to specific users. You can use nethsh.exe to manipulate these permissions. You can also use the httpcfg.exe tool. Or, you save you the headache that comes with these tools and head over to Paul Wheelers blog and take a look at this blog post of him: AddressAccessDeniedException: HTTP could not register URL http://+:8080/<…>. He has published a small tool (full source included) to enumerate and manage WCF port reservations.

Here is a screenshot of the reservations on my machine:


The really only real interesting endpoint here is the second from the bottom: http://+:80/Temporary_Listen_Addresses. This is a reservation in the form of an UrlPrefix String (more about that here on MSDN) that can be used by everyone (and Dominick Baier on has a nice post about the security ramifications here). However, the reservation is there and we can use it for the PushNotificationListener. This is the reason why the default port is 80 and the RelativePath property is set to a folder below the Temporary_Listen_Addresses. If you need to use another relative path or even another port, you’ll have to create a reservation for it. You can take a look at the source code of the HttpNamespaceManager tool from Paul Wheelers Blog on how to do this. Again, this is probably best done during setup. Again, if you are using Windows Installer Xml, you can use a managed custom action (using the DTF Framework) to create the necessary reservation during the setup of your application.

Controlling the Windows Firewall with C#

Here are a few links I just found on the internet. I have tested none of them, but they might give you a hint:

Posted by Henning Krause on Thursday, January 1, 2009 9:24 PM, last modified on Thursday, January 1, 2009 9:24 PM
Permalink | Post RSSRSS comment feed

Simple push notification client

As I wrote in my earlier post, I recently published a component on CodePlex that simplifies using push notifications in your applications. Since I’ve not published a full fledged sample application, I will start with a series of blog posts. I will tag all related articles on this topic with “push notifications”, and you can get a list of all articles with this link:

I’ll start with a very simple application: A console application that creates one subscription get notifications about new mails arriving in the mailbox of the current user.

   1: using System;
   2: using System.Net;
   3: using InfiniTec.Exchange.Notifications;
   5: namespace ExchangeNotificationTestClient
   6: {
   7:     internal class Program
   8:     {
   9:         private static void Main()
  10:         {
  11:             // Ignore any certificate errors
  12:             ServicePointManager.ServerCertificateValidationCallback += 
  13:                 (sender, certificate, chain, sslPolicyErrors) => true;
  15:             // Setup the adapter which will be used to call into the Exchange WebService
  16:             var adapter = new ExchangeWebServicesAdapter(
  17:                 new Uri("https://casserver/ews/exchange.asmx"), 
  18:                 new NetworkCredential("administrator", "password", "contoso"));
  20:             // Create a new subscription collection to manage all the subscriptions
  21:             var subscriptionCollection = new SubscriptionCollection(adapter);
  23:             // Setup a listener that listens on port 80 on the local computer
  24:             using (var listener = new PushNotificationListener())
  25:             {
  26:                 // Register for a NewMail notification on the inbox of the administrator
  27:                 subscriptionCollection.Add(
  28:                     new[] {new FolderReference(WellKnownFolderId.Inbox)}, 
  29:                     EventTypes.NewMail);
  30:                 Console.Out.WriteLine("Starting Notification Service...");
  31:                 listener.Start();
  33:                 Console.Out.WriteLine("Creating subscription");
  35:                 foreach (var subscription in subscriptionCollection)
  36:                 {
  37:                     // Write a line to the console for each new mail received
  38:                     subscription.NewMail += (sender, e) => 
  39:                         Console.Out.WriteLine(string.Format("{0}: New Mail arrived in your inbox", e.Timestamp));
  40:                     subscription.Start(listener);
  41:                 }
  43:                 Console.Out.WriteLine("Waiting for notifications... Hit [Enter] to quit...");
  45:                 Console.ReadLine();
  46:             }
  47:         }
  48:     }
  49: }

There are four important classes used in this example:

  1. The ExchangeServiceAdapter (created in line 16) is used to actually perform the Web Services calls to the Exchange Server (CAS Role). It’s a rather simple implementation, as it does not support AutoDiscover. You have to specify the Exchange server manually. It does, however, support Exchange Impersonation. And if you want to subscribe to events on public folders, you’ll have to enable this feature by setting the ExchangeServiceAdapter.IsPublicFolderAccessEnabled to true. Your Exchange Server must have Service Pack 1 installed to use this feature.
  2. The PushNotificationListener (created in line 24): This class does all the necessary WCF plumbing to setup a host, receives the notifications and channels them to the right subscription.
  3. The SubscriptionCollection: (created in line 21) It’s not really necessary, but it makes is more easy to handle multiple subscriptions.
  4. The Subscription (created in line 27). You can either create a subscription by calling SubscriptionCollection.Add(), or create a subscription directly via “new Subscription()”.

Both, the PushNotificationListener and the Subscription need to be started to do some actual work. And that’s all you need to do to get a simple notification client up and running. However, there are some security settings to consider, because WCF doesn’t let you run around and open endpoints on your users machines. Additionally, the Windows Firewall needs to be configured correctly to let the notifications through. I’ll discuss this in a separate post.

Posted by Henning Krause on Tuesday, December 30, 2008 10:55 PM, last modified on Saturday, November 27, 2010 6:04 AM
Permalink | Post RSSRSS comment feed

Exchange 2007 Push notifications made easy

Exchange 2007 de-emphasized Exchange Event Sinks in favor of a new notification system which allows an application to receive notifications about changes made to items on a public folder or mailbox folder. There are two types of notifications: Pull and Push. With pull notifications, the calling application is responsible to get changes back from the server (it has to poll the CAS role for changes). Push notifications on the other side use Web Services to call into an external application. There are a restrictions where this does not work (for example firewalls blocking traffic), but otherwise they work really well.

Compared to the WebDAV notifications that where available in earlier versions of Exchange, they have the advantage that the external application gets specific information about the event: Which item has been modified, created, deleted?

However, it’s rather complicated to completely implement a listener for these notifications. Therefore, I have created a wrapper which uses WCF to listen for incoming notifications.

The whole package is available from CodePlex (, and there is a list of features. Only the source and a small help file for now, but I will add samples over time.

If you have feedback, please use CodePlex Discussions or send me a mail by using the contact form.

Posted by Henning Krause on Tuesday, December 30, 2008 1:51 PM, last modified on Monday, November 29, 2010 6:03 PM
Permalink | Post RSSRSS comment feed