I am trying to code up a TCP/IP server using .NET. Looking at the threads on this site, the general consensus seems to be to use some variation of the .NET 3.5 SocketAsyncEventArgs classes to be maximally scalable, BUT I have to use SSL as well, and the only way to do that seems to be to use a TcpListener, grab a TcpClient from the Begin/End Accept methods, get the underlying network stream, layer the SslStream on it using BeginAuthenticateAsServer, and then use this stream to do BeginRead/Write for communicating with the client.
I guess my questions are:
1. Is my understanding above correct in terms of how to do TCP/IP over SSL using .NET?
2. Since everyone says to use the SocketAsyncEventArgs class and I don't think I can, how much of a penalty will I pay? Is it just the price for the secure channel?
3. Should I use WCF, and if so, what are my options with a .NET 2.0 client (our product cannot require 3.5 on the desktop)? In other words, can I use a .NET 2.0 TcpClient class to talk to a 3.5 WCF TCP server?
Once you have a connected Socket, it's not a very complicated setup to get SSL to work on the socket. First, you'll need to allocate a NetworkStream object by using the constructor that takes the Socket as the parameter. Then, I created an SslStream object by using the constructor that takes (NetworkStream, bool, RemoteCertificateValidationCallback). Then, you need to either call AuthenticateAsServer or AuthenticateAsClient. Here's a sample:
```csharp
using System;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Cryptography.X509Certificates;

private SslStream WrapSocket(Socket socket)
{
    var myNetworkStream = new NetworkStream(socket);
    var mySslStream = new SslStream(myNetworkStream, false, OnCertificateValidation);
    // targetHost is normally the server's host name; it is what the certificate's name is checked against
    mySslStream.AuthenticateAsClient(String.Empty);
    return mySslStream; // the snippet as posted was missing this return
}

private static bool OnCertificateValidation(object sender, X509Certificate certificate,
    X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
    return true; // NOT RECOMMENDED FOR PRODUCTION CODE
}
```
Then I just do all my normal communication using the SslStream that was returned. The server half of the code isn't that much more complicated once you have a .CER file already. Replace the AuthenticateAsClient call with the following 2 lines:
```csharp
var certificate = X509Certificate.CreateFromCertFile("my.cer");
mySslStream.AuthenticateAsServer(certificate);
```
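The server pipeline the question describes (TcpListener, Begin/End Accept, SslStream over the network stream, BeginAuthenticateAsServer, BeginRead), written out as an added example that is not from the question or either answer. It assumes a constructed "server.pfx" that carries the private key, and it ends with a client-side validation callback that fails closed instead of the "return true" placeholder above.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;

// Assumed: server.pfx holds the server cert WITH its private key; a bare .cer cannot authenticate.
public class SslTcpServer
{
    private readonly TcpListener _listener;
    private readonly X509Certificate2 _serverCert;
    public SslTcpServer(int port, string pfxPath, string pfxPassword)
    {
        _serverCert = new X509Certificate2(pfxPath, pfxPassword);
        _listener = new TcpListener(IPAddress.Any, port);
        _listener.Start();
        _listener.BeginAcceptTcpClient(OnAccept, null);
    }
    private void OnAccept(IAsyncResult ar)
    {
        TcpClient client = _listener.EndAcceptTcpClient(ar);
        _listener.BeginAcceptTcpClient(OnAccept, null);    // keep the accept loop going
        var ssl = new SslStream(client.GetStream(), false); // closing ssl closes the socket too
        // No client cert, TLS only (no SSLv2/v3), revocation checked; Tls = TLS 1.0, the newest
        // a .NET 2.0/3.5 target offers (use Tls12 on .NET 4.5+).
        ssl.BeginAuthenticateAsServer(_serverCert, false, SslProtocols.Tls, true, OnAuthenticated, ssl);
    }
    private void OnAuthenticated(IAsyncResult ar)
    {
        var ssl = (SslStream)ar.AsyncState;
        try { ssl.EndAuthenticateAsServer(ar); }
        catch (AuthenticationException) { ssl.Close(); return; } // handshake failed: drop it
        var buffer = new byte[4096];
        AsyncCallback onRead = null;
        onRead = r =>
        {
            int n = ssl.EndRead(r);
            if (n == 0) { ssl.Close(); return; } // peer closed
            ssl.Write(buffer, 0, n);             // echo the decrypted bytes back
            ssl.BeginRead(buffer, 0, buffer.Length, onRead, null);
        };
        ssl.BeginRead(buffer, 0, buffer.Length, onRead, null);
    }
    // Client-side replacement for "return true": any policy error (untrusted chain, name mismatch) fails closed.
    public static bool ValidateServerCertificate(object s, X509Certificate c, X509Chain ch, SslPolicyErrors e)
    { return e == SslPolicyErrors.None; }
}
```

On the client, pass `SslTcpServer.ValidateServerCertificate` as the RemoteCertificateValidationCallback and give AuthenticateAsClient the server's real host name rather than String.Empty, so the name check in the certificate is actually performed.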
Definitely you have to switch to web services or .NET Remoting here (both work on 2.0). There are various resources concerning Remoting over SSL, e.g.