堆栈内存溢出
  简体   繁体   English

如何将 .NET 框架中的 gRPC 客户端与安全的 .NET 核心服务器连接?

[英]How can I connect a gRPC client in .NET framework with a secure .NET Core server?

 原文  2020-07-08 20:19:07       c#/ .net/ .net-core/ grpc/ protobuf-net

问题描述

I'm using protobuf-net.Grpc on a .NET Core server and trying to make calls from a .NET Framework (4.7.2.) gRPC Client.我在 .NET 核心服务器上使用 protobuf-net.Grpc 并尝试从 .NET Framework (4.7.2.) gRPC 客户端进行调用。 A full example is here: https://github.com/angelagyang/GRPCProtobufExample一个完整的例子在这里: https://github.com/angelagyang/GRPCProtobufExample

Here is a snippet of my client:这是我的客户的片段:

var channelCreds = new SslCredentials(GetRootCertificates());
var channel = new Channel("localhost", 5001, channelCreds);
var greeter = channel.CreateGrpcService<IGreeterService>();

With this configuration, I get the error StatusCode="Unknown", Detail="Stream removed"... when calling the server.使用此配置,我在调用服务器时收到错误StatusCode="Unknown", Detail="Stream removed"... I am able to connect to the server if I set ClientCertificateMode = ClientCertificateMode.NoCertificate on the server.如果我在服务器上设置ClientCertificateMode = ClientCertificateMode.NoCertificate ,我就能够连接到服务器。 However, I want the server to require a client certificate and validate the certificate via thumbprint .但是,我希望服务器需要客户端证书并通过指纹验证证书

For example, in .NET Core, I can use Grpc.Net.Client to configure my channel like so:例如,在 .NET Core 中,我可以使用 Grpc.Net.Client 来配置我的频道,如下所示:

var handler = new HttpClientHandler();
handler.ClientCertificates.Add(certificate);
var channel2 = GrpcChannel.ForAddress("https://localhost:5001", new GrpcChannelOptions
{
      HttpHandler = handler
});

Is there any way to configure a client with certificate in .NET Framework like this?有没有办法像这样在 .NET 框架中配置带有证书的客户端? I'm pretty new to gRPC/.NET and would appreciate any suggestions!我对 gRPC/.NET 很陌生,如果有任何建议,我将不胜感激!

2 个解决方案

解决方案1
 3 已采纳  2020-07-09 23:06:04

Solved and updated the original example: https://github.com/angelagyang/GRPCProtobufExample解决并更新了原始示例: https://github.com/angelagyang/GRPCProtobufExample

You can configure a client certificate by creating a KeyCertificatePair to pass into SslCredentials .您可以通过创建KeyCertificatePair来配置客户端证书以传递到SslCredentials You will need the PEM encoded certificate chain and PEM encoded private key.您将需要 PEM 编码的证书链和 PEM 编码的私钥。

var keyCertPair = new KeyCertificatePair(File.ReadAllText($"{rootDir}/cert.pem"), File.ReadAllText($"{rootDir}/cert.key")); 
var channelCreds = new SslCredentials(GetRootCertificates(), keyCertPair);

For testing purposes, I used the self-signed certificates here: https://github.com/grpc/grpc/tree/master/src/core/tsi/test_creds出于测试目的,我在这里使用了自签名证书: https://github.com/grpc/grpc/tree/master/src/core/tsi/test_creds

When debugging, set GRPC_VERBOSITY = DEBUG and GRPC_DEBUG = ALL .调试时,设置GRPC_VERBOSITY = DEBUGGRPC_DEBUG = ALL This can help clear up vague error messages.这可以帮助清除模糊的错误消息。 For example, I realized that the server certificate I was using to configure HTTPS did not include localhost.例如,我意识到我用来配置 HTTPS 的服务器证书不包括 localhost。

解决方案2
 0  2020-07-24 21:42:57

From what I tried and made working, You can skip the effort of having to read both cert.pem and cert.key .根据我的尝试和工作,您可以跳过阅读cert.pemcert.key的工作。 Also the GetRootCertificate() would work only if server systems are hosted in a well knows trusted website like google.com or msdn.com or the likes of it and localhost.此外, GetRootCertificate()仅在服务器系统托管在众所周知的受信任网站(如google.commsdn.com或它和 localhost 之类的网站)中才能工作。 More detailed answer can be found here and here更详细的答案可以在这里这里找到

If we intend to use our own host DNS with SSL, Generating a Server certificate in pfx assigned to your DNS and converting it to pem for the client app is your way to go. If we intend to use our own host DNS with SSL, Generating a Server certificate in pfx assigned to your DNS and converting it to pem for the client app is your way to go. Using tools like openssl will help convert the certificate encoding.使用 openssl 之类的工具将有助于转换证书编码。

openssl pkcs12 -in "<DiskLocationOfPfx>\ProjectName.pfx" -out "<TargetLocation>\certifcate.pem" -clcerts

Once you convert your server certificate to pem, You can use将服务器证书转换为 pem 后,您可以使用

var channelCreds = new SslCredentials(File.ReadAllText($"{rootDir}/cert.pem"));
var channel = new Channel("www.youdns.com", 5001, secureCredentials);

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 我可以针对 .net CORE gRPC 服务器使用 .NET 框架 gRPC 客户端吗? - Can i use a .NET Framework gRPC Client against a .net CORE gRPC Server? Grpc.Net 客户端无法使用 SSL 连接到服务器 - Grpc .Net client fails to connect to server with SSL 如何让 .Net Framework SignalR 客户端连接到 .Net Core SignalR 服务器? - How to get a .Net Framework SignalR client to connect to .Net Core SignalR Server? 如何使用 HTTPS 和我自己的证书将 Grpc (NuGet &gt;2.33) 客户端 (.NET Framework) 与 Grpc.Asp.NetCore (NuGet &gt;2.31) 服务器 (.NET 5.0) 连接起来? - How to connect Grpc (NuGet >2.33) client (.NET Framework) with Grpc.Asp.NetCore (NuGet >2.31) server (.NET 5.0) using HTTPS and my own certificate? 用于 .NET 框架到 .NET 核心服务器的 gRPC SSL 通信 - gRPC SSL communication for .NET Framework to .NET Core Server gRpc Unity3D 客户端和 ASP.Net 核心服务器中的异常“无法连接到所有地址” - Exception “failed to connect to all addresses” in gRpc Unity3D client and ASP.Net core server 如何将具有联合绑定的 wcf 客户端从 .net 框架迁移到 .net 核心? - How can I migrate a wcf client with federation binding from .net framework to .net core? 从 .Net Framework 客户端调用 gRPC 服务器时出现异常 - Exception when calling gRPC server from .Net Framework client 从 .net 框架调用 .net 标准中的 Grpc 客户端失败,但不是 .net 核心 3.1 - Grpc client in .net standard fails when called from .net framework, but not .net core 3.1 如何在 .NET Framework 中创建 gRPC 客户端? - How do you create a gRPC client in .NET Framework?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM