I have to build a client-server application that uses websocket secure for communication between the parties. In order to build it, I used this repo as a skeleton:
https://github.com/radu-matei/websocket-manager
This also comes to the following blog post:
https://radu-matei.com/blog/aspnet-core-websockets-middleware/
I managed to create the ws communication. However, I have to create a wss communication and I can't seem to figure out how to do this. After changing ws:// to wss:// and http to https, if I access localhost the connection will be secure. But if I try to access 127.0.0.1, the communication won't be secure.
I understand that I should use self-signed certificates, but I don't know how to integrate them in the code present in the first link. Can you help?
Related
Actually I'm using node.js and socket.io to establish a socket connection. For some reasons I need to replace the server part with an ASP.NET application. Therefore I have to replace the existing socket.IO-server with a suitable .NET pendant.
From my understanding socket.IO as well as SignalR use websockets. So can I replace the socket.io-server with a signalR-server without or with even minimal changes in the clients?
Actually I tried to setup a SignalR-Server using the following example http://www.asp.net/signalr/overview/guide-to-the-api/hubs-api-guide-server
I'm able to connect to the hub when I use the sample code mentioned there.
But I'm not able to connect to this server using socket.IO or websockets in nodeJS. Maybe because of the magic with the hubs.
So is there any solution for an easy to use .NET package, hosted in IIS, that allows secured websocket-connections or secure tcp-socket connections between clients and my server. This solution should be quite standard so I can use Java or Node or anything else on client side?
This is my first post at stackoverflow.com, so if i do something wrong just let me know. So onto the problem.
I have a C# server currently running System.Net.Socket Sockets similar to the sample code Microsoft provided here.
I also have an Objective-C iPad client running NSInputStream/NSOutputStream bound to CFReadStream/CFWriteStream.
At present with only username/password authentication sent via an XML Serialized Object the client and server can communicate without any issues.
The problem I now have is that the communication has to be secure, and talking to clients, SSL encryption would be acceptable. However, I don't think they would accept just the "Server Certificate" as good enough. So I am trying to get the iPad client to use a "Client Certificate". I would like to enable true mutual authentication.
If I can't achieve mutual authentication, a third party VPN Software could be the better solution to secure the communication.
I haven't completed the conversion yet, but I have found a few articles that give me good examples of this, but there are no examples that fit my situation for client side certificates on the iPad.
The samples that i have found are:
C# SSL Tcp Server
Apple Developer site that shows how to use SSL, but no client certificate
iPad SSL Stream without client certificate.
iPad SSL Stream without client certificate
iPad HTTP Client that uses client certificate
Basically the system must eventually run TCP communication with SSL embedded with the ability to manage certificates. Not sure if it makes a difference, but as this would be going to many different clients, it is preferable to be compatible with SSL 3.0 and TLS(any version).
As I have only been dabbling in Objective-C for the past 6 months and am more familiar with C#, I will probably need you to explain your answer in simpler terms.
Edit:
I am more concerned with the Objective-C side of the equation, as I am fairly sure the C# side will be simple. Basically I need someone to explain how to implement client side certificates on a TCP NSStream in Objective-C or point me in the direction of possible solutions or approaches to the problem.
Any help will be greatly appreciated.
Chris
I cannot answer your question with regards to how to implement this on the objective-c side as what you ask is beyond what a single application can achieve on IOS devices. Thinking outside the box..
From Apple:
iOS supports the Simple Certificate Enrollment Protocol (SCEP). SCEP
is an Internet draft in the IETF, and is designed to provide a
simplified way of handling certificate distribution for large-scale
deployments. This enables over-the-air enrollment of identity
certificates to iPhone and iPad that can be used for authentication to
corporate services.
Knowing this and searching for SCEP in the developer library points me to this page - https://developer.apple.com/library/ios/#documentation/NetworkingInternet/Conceptual/iPhoneOTAConfiguration/Introduction/Introduction.html
This page will be of interest, notice that Microsoft Server supports this:-
https://developer.apple.com/library/ios/#documentation/NetworkingInternet/Conceptual/iPhoneOTAConfiguration/OTASecurity/OTASecurity.html#//apple_ref/doc/uid/TP40009505-CH3-SW1 and it even has some sample client/server code.
My interest is generally in the field of Mobile-Device-Management and have been looking into this.
Hope this helps.
Check out CFSocket and/or CkoSocket
BACKGROUND INFORMATION: PROGRAM WRITTEN IN C#
I'm working on a program right now that connects through a SOCKS5 proxy (coded from scratch. works well enough.), but I'd also like to (through that proxy) communicate to a DESTINATION through SSL.
I've done some research, googled many a time, and have come to the conclusion that SslStream won't be ideal for my situation. I NEED to first authenticate with the SSL through the proxy, and THEN start sending encrypted packets, once I receive the key.
QUESTIONS:
How can I encrypt my packets with TLS in C#? For some reason I can't at all figure it out. I'm stuck! :(
What is the raw syntax required to even REQUEST said SSL certificate?
You might want to have a look at the TLS implementation in the open source Bouncy Castle cryptography library. If it won't work as-is, you can hack it into doing what you need. If you want to deep-dive the specification itself, you'll find it as IETF RFC 5246.
As you've probably discovered, though, doing any portion of the connection setup work yourself leaves you with no way to use the WebRequest family of classes to handle the HTTP portion of the protocol work. That leaves you with two options I can see: do the HTTP yourself as well (I found a trivial example HTTP client floating around the net), or change the current user proxy server settings
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyServer"="socks=socks.example.net:1080"
then send the request normally using the WebRequest classes.
I'd like to offer you SSLBlackbox package of our SecureBlackbox product. Among numerous other components it has a simple SSL client component that is socket-based, can connect via different proxies (SOCKS, HTTPS CONNECT) and supports all features of SSL/TLS up to TLS 1.2. If you need more control, you can use any custom socket, and not just built-in socket support. This lets you use the components for securing traffic that goes not via sockets at all (pigeon mail can be secured this way as well).
An HTTPS client is available and included into SSLBlackbox as well.
I am trying to send information (in the form of an mime file) to a third party host server that uses two way authentication. After much coaxing I got enough information from their non technical help desk staff to figure out that it is most likely a type of TLS/SSL communication. They use client and server handshakes. I found the following example:
sslstream example. But am having problems using it (TcpClient refuses to see the host adddress).
Before I get too far I was hoping some one could point me in the direction of some good examples or more information on this process. I'm feeling pretty lost.
By two way authentication, probably they mean that they require a client certificate. This means that during the handshake, the client side has to present a certificate to the server as well. The most common SSL behavior is that only the server part presents a certificate, such as when you go to a normal site that is using HTTPS.
As for SslStream, it is quite straightforward to use. To be able to present a client certificate, you need to have a certificate in the certificate store or a pfx file that you can load into memory during runtime.
I found this sample which seems good enough. Here is another one. The second one doesn't use client certs, but you can add them as a parameter to the the AuthenticateAsClient call.
If the TcpClient is refusing to see the host address, then this is most likely some kind of connectivity issue and not related to the actual SSL implementation.
As a part of a larger application I need to implement an SSL tunnel in C#. I was wondering if there's a better way of doing that instead of writing each step of SSL negotiation myself which sounds like reinventing the wheel.
Do you know if there are any libraries that I could use to minimize the code I need to write or any tutorials which show how this or similar thing can be implemented most efficiently in .NET?
SSlStream should do most of the work for you.
It's not clear what you mean by SSL tunnel. If I understand it right, you need some client-side software which acts as a local server (to which other applications connect), this software then connects using SSL to your server-side software, which in turn takes the data out of the SSL tunnel, and routes them further. In this case you would need client-side and server-side SSL/TLS components. You can use our SecureBlackbox for this task. SecureBlackbox provides comprehensive support for SSL/TLS protocol with complete control over connection and certificate management.
It can be that you need not plain SSL channel, but some kind of encrypting proxy. In this case you need to decide what exactly kind of proxy you want (will it be SOCKS proxy or HTTP CONNECT proxy) and implement it on the client side. one of the benefits of such proxy is that it can transfer the real connection address (i.e. where the client wants to go to) to the remote server, and that remote server will perform connection. This is more flexible approach, but it would require some (minimal, I should say) coding to implement the stuff, related to SOCKS or HTTP CONNECT request parsing and response generation.
.NET includes SSL support, centred around the System.Net.Security.SslStream class.