If I have an https webservice behind a firewall on a machine (A) that I cannot access, but access to a machine on the same network (B), from where I can call the webservice on machine A.
What is the best way of talking with the webservice on machine A, from the outside via machine B (that I access via VPN)?
I can obviously create a service with a matching interface on machine B, and call the methods on the webservice on machine A, and return the result. But I fear for the overhead and maintainability.
Is there another way? Can i somehow forward the request?
Yes, creating a duplicate web service on machine B sounds like a bad idea, both from a maintenance perspective and the potential extra errors it will introduce.
I once solved this problem by installing an Apache web server on machine B, and setting it up as a reverse proxy. This means that you expose the WSDL that is hosted on machine A via machine B. All web service clients will ‘think’ that they are talking to machine B, but they are actually talking to machine A. Apache then just stands for forwarding the web service requests from the client to machine A. This behavior is supported by Apache’s mod_proxy module, using the
ProxyPassandProxyPassReversedirectives.There is one ‘catch’ with this solution: you expose the WSDL from machine A via machine B, and a WSDL always contains the hostname of the machine it is hosted on, in your case machine A. So, clients are talking to machine B and all of a sudden they receive a WSDL which contains a hostname that they don’t know.
The solution for this: you need to configure the web service on A in such a way that it will contain the hostname of machine B instead. I don’t know what framework you are using, but in WCF, this can be easily be configured using the WCFExtras project.