Tcpip 侦听器套接字 SSL 流如此混乱
我正在尝试使用.NET 编写一个tcpip 服务器。 查看此站点上的线程,普遍共识似乎是使用 .NET 3.5 SocketArgs 类的某些变体来实现最大可扩展性 但我也必须使用 SSL,唯一的方法似乎是使用 tcplistener,然后从 Begin\End Accept 方法获取 tcpclient,然后获取底层网络流并使用 SSl 流分层开始服务器 然后使用此流进行 BeginRead\Write 与客户端通信
我想我的问题是,
我对如何使用 .NET 在 SSl 上执行 tcpip 的理解是否正确,
因为每个人都说使用 socketeventargs 类,但我认为我不能我要支付多少罚款,是否只是安全通道的价格。
我是否应该使用 WCF?如果是,我可以选择哪些 .NET 2.0 客户端(我们的产品在桌面上不能要求 3.5)。 换句话说,我可以使用 .NET 2.0 TcpCLient 类与 3.5 WCF tcp 服务器对话
I am trying to code up a tcpip server using .NET. Looking at the threads on this site the general consensus seems to be use some variation of the .NET 3.5 SocketArgs classes to be maximally scalable
BUT I have to use SSL as well, and the only way to do that seems to be to use a tcplistener and then grab a tcpclient from the Begin\End Accept method and then get the underlying network stream and layer the SSl stream on it using the beginauthasserver
Then use this stream to do BeginRead\Write for communicating with the client
I guess my questions are um
is my understanding above correct in terms of how to do tcpip on SSl using .NET
since everyone says use the socketeventargs class and I dont think I can how much of a penalty will I pay,Is it just the price for the secure channel.
Shoud I use WCF and if so what are my options with a .NET 2.0 client ( our product cannot require 3.5 on the desktop). in other words can I use a .NET 2.0 TcpCLient class to talk to a 3.5 WCF tcp server
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
一旦你有了一个连接的套接字,让 SSL 在套接字上工作就不是一个非常复杂的设置。 首先,您需要使用以 Socket 作为参数的构造函数来分配 NetworkStream 对象。 然后,我使用采用 (NetworkStream, bool, RemoteCertificateValidationCallback) 的构造函数创建了一个 SslStream 对象。 然后,您需要调用 AuthenticateAsServer 或 AuthenticateAsClient。 下面是一个示例:
然后我只使用返回的 SslStream 进行所有正常通信。 一旦您已经有了 .CER 文件,服务器部分的代码就不会那么复杂了。 将 AuthenticateAsClient 调用替换为以下 2 行:
Once you have a connected Socket, it's not a very complicated setup to get SSL to work on the socket. First, you'll need to allocate a NetworkStream object by using the constructor that takes the Socket as the parameter. Then, I created an SslStream object by using the constructor that takes (NetworkStream, bool, RemoteCertificateValidationCallback). Then, you need to either call AuthenticateAsServer or AuthenticateAsClient. Here's a sample:
Then I just do all my normal communication using the SslStream that was returned. The server half of the code isn't that much more complicated once you have a .CER file already. Replace the AuthenticateAsClient call with the following 2 lines:
当然,您必须在这里切换到 Web 服务或 .net 远程处理(两者都适用于 2.0)。 有各种有关通过 ssl 进行远程处理的资源,eg。
Definitely you have to switch to web services or .net remoting here (both works on 2.0). There are various resources concerning remoting over ssl, e.g.