c# .net .net-core grpc protobuf-net

How can I connect a gRPC client in .NET framework with a secure .NET Core server?


I'm using protobuf-net.Grpc on a .NET Core server and trying to make calls from a .NET Framework (4.7.2) gRPC client. A full example is here: https://github.com/angelagyang/GRPCProtobufExample

Here is a snippet of my client:

var channelCreds = new SslCredentials(GetRootCertificates());
var channel = new Channel("localhost", 5001, channelCreds);
var greeter = channel.CreateGrpcService<IGreeterService>();

With this configuration, I get the error StatusCode="Unknown", Detail="Stream removed"... when calling the server. I am able to connect to the server if I set ClientCertificateMode = ClientCertificateMode.NoCertificate on the server. However, I want the server to require a client certificate and validate the certificate via thumbprint.

For example, in .NET Core, I can use Grpc.Net.Client to configure my channel like so:

var handler = new HttpClientHandler();
handler.ClientCertificates.Add(certificate);
var channel2 = GrpcChannel.ForAddress("https://localhost:5001", new GrpcChannelOptions
{
      HttpHandler = handler
});

Is there any way to configure a client with a certificate in .NET Framework like this? I'm pretty new to gRPC/.NET and would appreciate any suggestions!


Solution

  • Solved and updated the original example: https://github.com/angelagyang/GRPCProtobufExample

    You can configure a client certificate by creating a KeyCertificatePair to pass into SslCredentials. You will need the PEM encoded certificate chain and PEM encoded private key.

    var keyCertPair = new KeyCertificatePair(
        File.ReadAllText($"{rootDir}/cert.pem"),   // PEM encoded certificate chain
        File.ReadAllText($"{rootDir}/cert.key"));  // PEM encoded private key
    var channelCreds = new SslCredentials(GetRootCertificates(), keyCertPair);


    For testing purposes, I used the self-signed certificates here: https://github.com/grpc/grpc/tree/master/src/core/tsi/test_creds

    When debugging, set GRPC_VERBOSITY = DEBUG and GRPC_DEBUG = ALL. This can help clear up vague error messages. For example, I realized that the server certificate I was using to configure HTTPS did not include localhost.
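The server side of what the question asks for (require a client certificate and accept it only by thumbprint), as an added example that is not part of the original post or the linked repository. It assumes a Kestrel-hosted ASP.NET Core 3.x or later server; `AllowedThumbprint` is a placeholder, `IsPinned` is a hypothetical helper, and `Startup` stands for the server's existing startup class.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Server.Kestrel.Https;
using Microsoft.Extensions.Hosting;

public static class Program
{
    // Placeholder, not a real value: thumbprint (hex, no spaces) of the one
    // client certificate this server accepts.
    private const string AllowedThumbprint = "<CLIENT-CERT-THUMBPRINT>";

    public static void Main(string[] args) =>
        Host.CreateDefaultBuilder(args)
            .ConfigureWebHostDefaults(web =>
            {
                web.ConfigureKestrel(kestrel => kestrel.ConfigureHttpsDefaults(https =>
                {
                    // Abort the TLS handshake if the client sends no certificate.
                    https.ClientCertificateMode = ClientCertificateMode.RequireCertificate;
                    // The callback decides acceptance. Chain/policy errors are
                    // deliberately ignored in favour of the pin, because a
                    // self-signed test certificate never builds a trusted chain.
                    https.ClientCertificateValidation =
                        (cert, chain, errors) => IsPinned(cert, DateTime.Now);
                }));
                // Assumption: Startup is the server's existing startup class.
                web.UseStartup<Startup>();
            })
            .Build()
            .Run();

    // Hypothetical helper: true only for the pinned certificate while it is
    // inside its validity window.
    public static bool IsPinned(X509Certificate2 cert, DateTime now)
    {
        if (cert == null) return false;
        // NotBefore/NotAfter are reported in local time, so compare against
        // local time. Expiry is checked here because chain validation, which
        // would normally catch it, is not relied on.
        if (now < cert.NotBefore || now > cert.NotAfter) return false;
        return string.Equals(cert.Thumbprint, AllowedThumbprint,
                             StringComparison.OrdinalIgnoreCase);
    }
}
```

Pinning by thumbprint means the server must be updated whenever the client certificate is renewed, since a reissued certificate has a different thumbprint.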