feat(wcf): add ConnectViaAddress (WCF Via) for tunneled historian access + wire into C2 spike
When the historian is reached through a port-forward whose local port differs from the server's real service port, WCF's server-side AddressFilter rejects the message (To = tunnel port != server port). ConnectViaAddress lets the channel connect to the tunnel while addressing the SOAP To the real Host/Port endpoint. Applied in HistorianWcfClientCredentialsHelper.Configure (the critical event factories already call it). The C2 spike reads HISTORIAN_WCF_EVENT_VIA. Claude-Session: https://claude.ai/code/session_012SDSQ3AcaXqPcBtDESBRii
This commit is contained in:
@@ -49,6 +49,7 @@ public sealed class WcfEventReadSpikeTests
|
||||
string? password = Environment.GetEnvironmentVariable("HISTORIAN_WCF_EVENT_PASSWORD");
|
||||
string? spn = Environment.GetEnvironmentVariable("HISTORIAN_WCF_EVENT_SPN");
|
||||
string? dnsId = Environment.GetEnvironmentVariable("HISTORIAN_WCF_EVENT_DNSID");
|
||||
string? via = Environment.GetEnvironmentVariable("HISTORIAN_WCF_EVENT_VIA");
|
||||
bool certificate = string.Equals(
|
||||
Environment.GetEnvironmentVariable("HISTORIAN_WCF_EVENT_TRANSPORT"), "certificate", StringComparison.OrdinalIgnoreCase);
|
||||
bool allowUntrusted = string.Equals(
|
||||
@@ -69,6 +70,7 @@ public sealed class WcfEventReadSpikeTests
|
||||
TargetSpn = string.IsNullOrWhiteSpace(spn) ? "NT SERVICE\\aahClientAccessPoint" : spn,
|
||||
ServerDnsIdentity = string.IsNullOrWhiteSpace(dnsId) ? null : dnsId,
|
||||
AllowUntrustedServerCertificate = allowUntrusted,
|
||||
ConnectViaAddress = string.IsNullOrWhiteSpace(via) ? null : via,
|
||||
};
|
||||
|
||||
HistorianWcfEventOrchestrator orchestrator = new(options);
|
||||
|
||||
Reference in New Issue
Block a user