I am new to gRPC and just exploring options for communications in my .net framework servers.
Due to the age and size of the server projects, it may be some time before these can be ported to .net 5+, but I want to allow for newer .net 5+ clients to connect, so want to replace the existing server WCF with something current.
My WCF always used Windows Authentication for encryption, which I can't wait to get away from due to cross domain issues, so would want to use TLS.
I am finding it hard to find examples on how to do this, especially in .net framework, as most examples are .net core.
Here is some typical(ish) example code:
static async Task Main()
{
const int port = 10042;
var server = new Grpc.Core.Server
{
Ports = { new ServerPort("localhost", 10042, ServerCredentials.Insecure) }
};
server.Services.AddCodeFirst<ICalculator>(new Calculator());
server.Services.AddCodeFirst<ITimeService>(new TimeService());
server.Start();
Console.WriteLine("server listening on port " + port);
Console.ReadKey();
await server.ShutdownAsync();
}
Ignore the AddCodeFirst
these are some other experiments, however every example seems to use ServerCredentials.Insecure
, and they all say to NOT use this in production (which I would not want to), but frustratingly they then do not show how to use a TLS certificate. How can I do this?
Also, for .net framework clients, typical code is
Channel channel = new Channel("localhost", 10042, ChannelCredentials.Insecure);
The only option seems to be Insecure
Finally also, for the server, it is possible to use a self signed certificate?
To use TLS with self-signed certs, you need to pass an instance of
SslServerCredentials(keyCertPair, caRoots, clientCertRequestType)
instead ofServerCredentials.Insecure
as shown in this example See https://github.com/jtattermusch/grpc-authentication-kubernetes-examples/blob/979345cca801b71eba9f8ffc67e13bf57c33a211/greeter-server/Program.cs#L43 from an older gRPC authentication talk https://github.com/jtattermusch/grpc-authentication-kubernetes-examples.On the client side, you'll need to pass the corresponding CA roots (also see the same example).