imsan

Reputation: 449

AS2 Server - Receiving AS2 messages with (modern) C# .NET

Does anyone have any experience of implementing an AS2 server to receive and decrypt AS2 messages in C# & .NET Core+?

I know it's possible to use BizTalk or Azure Logic Apps but looking for a way to implement this in C# code. Have not been able to find a lot on this online. Is this for any particular reason apart from AS2 being old?

Specifically I need to;

Due to lack of examples not really sure where to start with this so any examples or pointing in the right direction on this & the certificate requirements would be appreciated.

Edit: Have found the same link provided by an answer below, as well as the message sending part of the article on the same blog, however this doesn't include the MDN and signature validation, does anyone have code examples of these parts?

Upvotes: 2

Views: 3077

Answers (3)

Trombone

Reputation: 11

There is an AS2 Client available in Azure Marketplace that is created in .NET Core 6. It is called "Integration Microservice AS2"; they can also provide a custom solution for your on-premises project if Azure is not working for you.

Upvotes: 1

bgman

Reputation: 334

Actually, implementing an AS2 endpoint in .NET Core isn't that hard. I started from https://mattfrear.com/2011/01/03/receiving-as2-messages-with-net/ and slowly found out that MimeKit can do almost all of the tasks you mentioned above. To fully understand how the AS2 communication works you have to read through a lot of RFCs and that's the only hard part. After you get an idea, putting it all together in code is easy.

Upvotes: 1

Tom W

Reputation: 5403

I have searched extensively in the past and not come up with anything that works. Key to a solution is the ability to generate an encrypted, multipart envelope. I haven't found anything in the BCL that clearly supports this.

On the other hand I was able to create a test harness in PowerShell for sending AS2 messages using OpenSSL for Windows to generate the encrypted and signed envelope. Regrettably this is commercial code which I cannot share, but an outline of the process is:

  • openssl smime -sign -in <raw content file path> -out <signed content file path> -signer <private key certificate path>
  • openssl smime -encrypt -outform DER -in <signed content file path> -out <encrypted content file path> -des3 <public key certificate path>
  • send the content of the encrypted file by HTTP POST

I didn't generalise this to receiving messages, but presumably openssl supports running the same operations in reverse.

I referred to this question for pointers on how to achieve this. My answer there mentions some complexity about converting from Windows/Azure conventions for certificates to OpenSSL/*nix conventions.

Upvotes: 0
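The receive side that the answer above leaves open (decrypt, then verify the partner's signature), shown as an added example that is not code from the thread or from any poster. Assumptions: throwaway self-signed certificates, constructed file names and payload, a separate `-inkey` key file, `-aes256` in place of the `-des3` shown in the outline, and OpenSSL 1.1.0 or later for `-no-CApath`. MDN generation is not covered.

```shell
#!/bin/sh
# Added example (not from the thread): sender steps from the outline, then the
# receiver side. Certificates, file names and payload are constructed test data.

# as2_roundtrip PAYLOAD [TRUSTED] - TRUSTED names the cert the receiver pins as
# the partner's signing cert (default: sender). Prints the verified payload.
as2_roundtrip() {
    payload=$1 trusted=${2:-sender}
    work=$(mktemp -d) || return 1
    (
        cd "$work" || exit 1
        # Throwaway self-signed cert/key pairs for the two trading partners.
        for p in sender receiver; do
            openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$p.test" \
                -keyout "$p.key" -out "$p.crt" 2>/dev/null || exit 1
        done
        printf '%s' "$payload" > raw.edi

        # Sender: sign with own key, then encrypt to the receiver's public cert.
        openssl smime -sign -in raw.edi -out signed.msg \
            -signer sender.crt -inkey sender.key 2>/dev/null || exit 1
        openssl smime -encrypt -outform DER -in signed.msg -out enc.der \
            -aes256 receiver.crt 2>/dev/null || exit 1

        # Receiver, step 1: decrypt the POST body with its own private key.
        openssl smime -decrypt -inform DER -in enc.der -out inner.msg \
            -recip receiver.crt -inkey receiver.key 2>/dev/null || exit 1
        # Receiver, step 2: verify the signature with the partner cert as trust
        # anchor (-no-CApath drops the system CA directory). A failure here
        # must reject the message, so nothing is printed in that case.
        openssl smime -verify -in inner.msg -CAfile "$trusted.crt" -no-CApath \
            -out verified.edi 2>/dev/null || exit 1
        cat verified.edi
    ) && rc=0 || rc=$?
    rm -rf "$work"
    return "$rc"
}

# Stand-alone run: prints the constructed payload back after decrypt + verify.
as2_roundtrip 'ISA*00*CONSTRUCTED-TEST-PAYLOAD~'
```

Passing a second argument of `receiver` makes the receiver trust the wrong certificate, so the verify step fails and the function returns non-zero without emitting the payload.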
