gRPC server .net framework - how to configure to use a TLS certificate


I am new to gRPC and just exploring options for communications in my .net framework servers.

Due to the age and size of the server projects, it may be some time before these can be ported to .net 5+, but I want to allow for newer .net 5+ clients to connect, so want to replace the existing server WCF with something current.

My WCF always used Windows Authentication for encryption, which I can't wait to get away from due to cross domain issues, so would want to use TLS.

I am finding it hard to find examples on how to do this, especially in .net framework, as most examples are .net core.

Here is some typical(ish) example code:

    static async Task Main()
    {
        const int port = 10042;

        var server = new Grpc.Core.Server
        {
            // Plaintext listener: no TLS, no authentication
            Ports = { new ServerPort("localhost", port, ServerCredentials.Insecure) }
        };
        server.Services.AddCodeFirst<ICalculator>(new Calculator());
        server.Services.AddCodeFirst<ITimeService>(new TimeService());
        server.Start();

        Console.WriteLine("server listening on port " + port);
        Console.ReadKey();

        await server.ShutdownAsync();
    }

Ignore the AddCodeFirst calls; these are some other experiments. However, every example seems to use ServerCredentials.Insecure, and they all say NOT to use this in production (which I would not want to), but frustratingly they then do not show how to use a TLS certificate. How can I do this?

Also, for .net framework clients, typical code is

    Channel channel = new Channel("localhost", 10042, ChannelCredentials.Insecure);

The only option seems to be Insecure.

Finally, for the server, is it possible to use a self-signed certificate?

Jan Tattermusch (best answer)

To use TLS with self-signed certs, you need to pass an instance of SslServerCredentials(keyCertPair, caRoots, clientCertRequestType) instead of ServerCredentials.Insecure, as shown in this example: https://github.com/jtattermusch/grpc-authentication-kubernetes-examples/blob/979345cca801b71eba9f8ffc67e13bf57c33a211/greeter-server/Program.cs#L43 (from an older gRPC authentication talk: https://github.com/jtattermusch/grpc-authentication-kubernetes-examples).

On the client side, you'll need to pass the corresponding CA roots (also see the same example).
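
Added example (not part of the original answer or the linked repository): a Grpc.Core server and client on .NET Framework using SslServerCredentials and SslCredentials in place of the Insecure credentials, with optional mutual TLS. The class name and the PEM file paths under certs/ are assumptions made for illustration.

```csharp
using System;
using System.IO;
using System.Threading.Tasks;
using Grpc.Core;

static class TlsGrpcExample
{
    // Hypothetical file locations (assumptions); all files are PEM-encoded.
    const string CaPem = "certs/ca.pem";         // CA root, or the self-signed server certificate itself
    const string ServerPem = "certs/server.pem"; // server certificate chain
    const string ServerKey = "certs/server.key"; // private key; keep file ACLs restricted to the service account
    const int Port = 10042;

    static Server BuildServer(bool requireClientCert)
    {
        var pair = new KeyCertificatePair(
            File.ReadAllText(ServerPem), File.ReadAllText(ServerKey));
        // Server-only TLS needs no roots; mutual TLS verifies client certificates against the CA.
        var creds = requireClientCert
            ? new SslServerCredentials(new[] { pair }, File.ReadAllText(CaPem),
                  SslClientCertificateRequestType.RequestAndRequireAndVerify)
            : new SslServerCredentials(new[] { pair });
        // Register services on the returned server before Start(), as in the question's code.
        return new Server { Ports = { new ServerPort("localhost", Port, creds) } };
    }

    static Channel BuildChannel()
    {
        // The client validates the server certificate against these roots.
        // The host dialed must match a name in the server certificate.
        return new Channel("localhost", Port, new SslCredentials(File.ReadAllText(CaPem)));
    }

    static async Task Main()
    {
        var server = BuildServer(requireClientCert: false);
        server.Start();
        var channel = BuildChannel();
        // Completes once the channel is Ready; throws if the deadline passes first.
        await channel.ConnectAsync(DateTime.UtcNow.AddSeconds(5));
        Console.WriteLine("TLS channel state: " + channel.State);
        await channel.ShutdownAsync();
        await server.ShutdownAsync();
    }
}
```

When the server is built with requireClientCert set to true, the client must present its own certificate by using the SslCredentials(rootCertificates, keyCertificatePair) overload.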