Update channel-credentials.md #24051

Merged
merged 9 commits into from
Jun 28, 2021
@@ -1,7 +1,7 @@
---
title: Channel credentials - gRPC for WCF Developers
description: How to implement and use gRPC channel credentials in ASP.NET Core 3.0.
ms.date: 12/15/2020
ms.date: 06/28/2021
---

# Channel credentials
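
Review bot: The `description` front matter still reads "ASP.NET Core 3.0" while this PR bumps `ms.date` and adds a section built on `X509Certificate2.CreateFromPem`, which is only available from .NET 5 onward. Update the description, or state the minimum runtime in the new PEM section, so readers on 3.x know why the call does not compile for them.
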
@@ -92,6 +92,10 @@ public class Startup

With the `Grpc.Net.Client` package, you configure certificates on an <xref:System.Net.Http.HttpClient> instance that is provided to the `GrpcChannel` used for the connection.

### Load a client certificate from a .PFX file

A certificate can be loaded from a _.pfx_ file.

```csharp
class Program
{
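
Review bot: The new heading writes `.PFX` in capitals while the sentence under it uses `_.pfx_`; pick one casing (the lowercase extension matches the body text) and apply it to both headings added by this PR. The sentence "A certificate can be loaded from a _.pfx_ file." only restates the heading, so it could be dropped or replaced with something the reader needs, for example that the file carries the certificate together with its private key.
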
@@ -117,6 +121,49 @@ class Program
}
```

### Load a client certificate from certificate and private key .PEM files

A certificate can be loaded from a certificate and private key _.pem_ file.

```csharp
class Program
{
static async Task Main(string[] args)
{
// Assume path to a certificate and private key .pem files are passed from command line
string certificatePem = File.ReadAllText(args[0]);
string privateKeyPem = File.ReadAllText(args[1]);
var cert = X509Certificate2.CreateFromPem(certificatePem, privateKeyPem);

var handler = new HttpClientHandler();
handler.ClientCertificates.Add(cert);
using HttpClient httpClient = new(handler);

var channel = GrpcChannel.ForAddress("https://localhost:5001/", new GrpcChannelOptions
{
HttpClient = httpClient
});

var grpc = new Greeter.GreeterClient(channel);
var response = await grpc.SayHelloAsync(new HelloRequest { Name = "Bob" });
System.Console.WriteLine(response.Message);
}
}
```

> [!NOTE]
> Due to an internal Windows bug as [documented here](https://github.com/dotnet/runtime/issues/23749#issuecomment-388231655), you'll need to apply the following a workaround if the certificate is created from certificate and private key PEM data.
>
> ```csharp
> X509Certificate2 cert = X509Certificate2.CreateFromPem(certificatePem, rsaPrivateKeyPem);
> if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows))
> {
> var originalCert = cert;
> cert = new X509Certificate2(cert.Export(X509ContentType.Pkcs12));
> originalCert.Dispose();
> }
> ```

## Combine ChannelCredentials and CallCredentials

You can configure your server to use both certificate and token authentication. To do this, apply the certificate changes to the Kestrel server, and use the JWT bearer middleware in ASP.NET Core.
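
Review bot: The PEM sample passes the result of `X509Certificate2.CreateFromPem(certificatePem, privateKeyPem)` straight to `handler.ClientCertificates.Add(cert)`, but the NOTE under it says a certificate created from PEM data needs the `cert.Export(X509ContentType.Pkcs12)` re-import on Windows, so the sample as written still needs that workaround there. Fold the `RuntimeInformation.IsOSPlatform(OSPlatform.Windows)` branch into `Main` (and mention `using System.Runtime.InteropServices;`), and use one name for the key variable: the sample has `privateKeyPem`, the note has `rsaPrivateKeyPem`. Wording: "the following a workaround" has a stray "a", and "a certificate and private key _.pem_ file" should be plural to match the heading. Because the sample reads an unencrypted private key from disk, a sentence on restricting access to that file would also help.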