Reputation: 343
boost asio client authentication
I have a client server based c++ application which communicates over network (with boost asio) and I am planning to distribute this client application to my customers. My problem is I don't know how to prevent connection request from other applications, that is how can I make sure that only my client application is able to connect to my server. I think there is no way to do this without making the connection, than what is the best way to verify that request is coming from my client?
Upvotes: 1
Views: 1692
Answers (2)
Reputation: 7357
You can use asio's builtin SSL ability. So, you generating sertificates for each server, and client sertificates. So you can check client sertificate on server at the moment of SSL handshake. As a bonus, your traffic will be encrypted and SSL-secure. Clients can check server is not a fake; server can check clients are authorized.
Upvotes: 5
Reputation: 4411
Yes you have to accept the connection in order to know if it's from your application or not. You can use a three-way handshake at the connection step:
- Client connects to the server The server is sending an specific value (integer, strings or whatever) to the new client.
- The client handles this value, compute a new one with it and sends the new value to the server.
- The server checks if the returned value is correct or not.
The client will have the same compute method as the server. The others applications will not be able to use your service if they returned a bad value.
Upvotes: 0
Related Questions
- c++ - Boost ASIO networking server/client
- Boost ASIO TCP server architecture
- boost.asio server-client program in cpp
- Boost asio library for networking (http client)
- c++ communicate with specific client Boost asio
- boost asio SSL two way authentication
- Boost.asio server-client. Connect between 2 computers
- C++ boost.asio server and client connection undersanding
- C++ Boost Asio: How do I have multiple clients?
- HOW-TO: Client connection manager for Boost::asio?