How can I connect a gRPC client in .NET framework with a secure .NET Core server?
I'm using protobuf-net.Grpc on a .NET Core server and trying to make calls from a .NET Framework (4.7.2) gRPC client. A full example is here: https://github.com/angelagyang/GRPCProtobufExample
Here is a snippet of my client:
var channelCreds = new SslCredentials(GetRootCertificates());
var channel = new Channel("localhost", 5001, channelCreds);
var greeter = channel.CreateGrpcService<IGreeterService>();
With this configuration, I get the error StatusCode="Unknown", Detail="Stream removed"... when calling the server.
I am able to connect to the server if I set ClientCertificateMode = ClientCertificateMode.NoCertificate on the server. However, I want the server to require a client certificate and validate the certificate via thumbprint.
For example, in .NET Core, I can use Grpc.Net.Client to configure my channel like so:
var handler = new HttpClientHandler();
handler.ClientCertificates.Add(certificate);
var channel2 = GrpcChannel.ForAddress("https://localhost:5001", new GrpcChannelOptions
{
    HttpHandler = handler
});
Is there any way to configure a client with a certificate in .NET Framework like this? I'm pretty new to gRPC/.NET and would appreciate any suggestions!
Solved and updated the original example: https://github.com/angelagyang/GRPCProtobufExample
You can configure a client certificate by creating a KeyCertificatePair to pass into SslCredentials. You will need the PEM encoded certificate chain and PEM encoded private key.
var keyCertPair = new KeyCertificatePair(File.ReadAllText($"{rootDir}/cert.pem"), File.ReadAllText($"{rootDir}/cert.key"));
var channelCreds = new SslCredentials(GetRootCertificates(), keyCertPair);
For testing purposes, I used the self-signed certificates here: https://github.com/grpc/grpc/tree/master/src/core/tsi/test_creds
When debugging, set GRPC_VERBOSITY = DEBUG and GRPC_DEBUG = ALL. This can help clear up vague error messages. For example, I realized that the server certificate I was using to configure HTTPS did not include localhost.
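The answer above covers the client side. The server-side counterpart the question asks for (require a client certificate and accept it only by thumbprint) could look like the following added example, which is not code from the original post or its repository. It assumes ASP.NET Core 3.x or later on Kestrel; the AllowedThumbprints set, its placeholder value and the Startup class name are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Server.Kestrel.Https;
using Microsoft.Extensions.Hosting;

public static class Program
{
    // Placeholder: replace with the thumbprint of the client certificate you issued.
    private static readonly HashSet<string> AllowedThumbprints =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            "<CLIENT-CERT-THUMBPRINT>"
        };

    // Pinning check: the certificate must be inside its validity window and its
    // thumbprint must be on the allow-list. Chain errors are not consulted, because
    // a pinned self-signed test certificate cannot chain to a trusted root.
    public static bool IsPinnedClient(X509Certificate2 cert, X509Chain chain, SslPolicyErrors errors)
    {
        if (cert == null) return false;
        var now = DateTime.Now; // NotBefore/NotAfter are reported in local time
        if (now < cert.NotBefore || now > cert.NotAfter) return false;
        return AllowedThumbprints.Contains(cert.Thumbprint);
    }

    public static void Main(string[] args) =>
        Host.CreateDefaultBuilder(args)
            .ConfigureWebHostDefaults(web =>
            {
                web.ConfigureKestrel(kestrel =>
                    kestrel.ConfigureHttpsDefaults(https =>
                    {
                        // Reject the TLS handshake when no client certificate is presented.
                        https.ClientCertificateMode = ClientCertificateMode.RequireCertificate;
                        // Kestrel calls this for every presented client certificate.
                        https.ClientCertificateValidation = IsPinnedClient;
                    }));
                // Assumed: Startup is the server project's existing startup class
                // that registers the gRPC services.
                web.UseStartup<Startup>();
            })
            .Build()
            .Run();
}
```

With this in place, a client that presents no certificate, or one whose thumbprint is not listed, fails during the TLS handshake, which a Grpc.Core client reports as a transport-level error rather than a descriptive status.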
From what I tried and made working, you can skip the effort of having to read both cert.pem and cert.key. Also the GetRootCertificate() would work only if server systems are hosted in a well-known trusted website like google.com or msdn.com or the likes of it and localhost. More detailed answer can be found here and here
If we intend to use our own host DNS with SSL, generating a server certificate in pfx assigned to your DNS and converting it to pem for the client app is your way to go. Using tools like openssl will help convert the certificate encoding.
openssl pkcs12 -in "<DiskLocationOfPfx>\ProjectName.pfx" -out "<TargetLocation>\certifcate.pem" -clcerts
Once you convert your server certificate to pem, you can use
var channelCreds = new SslCredentials(File.ReadAllText($"{rootDir}/cert.pem"));
var channel = new Channel("www.youdns.com", 5001, channelCreds);