gRPC C# Server authentication

Question

I'm attempting to perform server authentication using gRPC however I'm unsure of how to proceed. My current setup is that I have a server running on one machine and a client on another (both windows machines). For testing purposes I've generated a certificate authority and a private certificate (from this certificate authority) using the windows makecert.exe. This generates .cer file.

The documentation for SslServerCredentials does not have any provisions for a .cer file. What would be my KeyCertificatePair in this case ? The documentation is unclear on this. http://www.grpc.io/grpc/csharp/html/T_Grpc_Core_SslServerCredentials.htm

Also, I only want the server to authenticate itself, do I need any special provision on the client gRPC call?

Answer 1

Firstly you should add this configuration to your appsettings.json

},
  "AllowedHosts": "*",
  "Kestrel": {
    "EndpointDefaults": {
      "Protocols": "Http2"
    },
    "EndPoints": {
      "Https": {
        "Url": "https://*:5002",
        "Certificate": {
          "Path": "c:\\test.pfx",
          "Password": "password1234"
        }
      }
    }
  },
  "token": "DO6&gkOK5%$fRD#eRt$",
}

That certificate can be generated my many ways. IIS or powershell command. In this code is in drive c: just for testing.

Then you should get the token value like this on Program.main :

IConfigurationBuilder configurationBuilder = new ConfigurationBuilder();
            // Duplicate here any configuration sources you use.
            configurationBuilder.AddJsonFile("AppSettings.json");
            IConfiguration configuration = configurationBuilder.Build();

            string token = configuration["token"];

There are people that say that this token shouldn't be on configuration file but for now i don't know where else to put it. You should also investigate that. And tell me if you don't mind :)

Answer 2

You'll need both a private key and the cert file. You can see how the gRPC testing code does it here.