Submitted 8 February 2007
This article demonstrates how to exchange data in .NET using the SSL / TLS classes from the Clever Internet .NET Suite.
When developing network applications it is often necessary to transfer sensitive data between client and server. Network traffic can easily be intercepted and read with a packet sniffer. The Clever Internet .NET Suite provides a set of classes that let you protect such data with the SSL / TLS protocol and transfer it encrypted over the Internet.
No HTTPS, FTPS or other standard TCP protocol with SSL / TLS support is required: all data is encrypted and transferred by a small set of native C# .NET classes.
There are two classes representing client and server network connections that implement sending and receiving data over the Internet: TcpClientConnection and TcpServerConnection:
    TcpClientConnection client = new TcpClientConnection();
    TlsNetworkStream tlsStream = new TlsNetworkStream();
    client.NetworkStream = tlsStream;
    client.Open(ip, port);
    ...

    TcpServerConnection server = new TcpServerConnection();
    TlsNetworkStream tlsStream = new TlsNetworkStream();
    server.NetworkStream = tlsStream;
    server.Open(port);
    ...
Both TcpClientConnection and TcpServerConnection use a NetworkStream object for the low-level network communication. To secure a connection you supply a TlsNetworkStream instead; it does all the work.
The Clever Internet .NET Suite supports different SSL / TLS protocol versions and lets you specify server and client certificates:
    tlsStream.TlsFlags = TlsFlags.UseTLS;   // also available: SSL 2.0 and SSL 3.0
    tlsStream.GetCertificate += new GetCertificateEventHandler(GetServerCertificate);
    tlsStream.RequireClientCertificate = true;
SSL 2.0 and SSL 3.0 have since been formally deprecated (RFC 6176 and RFC 7568) because of protocol weaknesses; leave TlsFlags.UseTLS selected unless a legacy peer gives you no choice.
To establish a secured connection, SSL / TLS requires at least one certificate: the certificate presented by the server. You can use any certificate installed on your PC or your own self-signed certificate. The Clever Internet .NET Suite provides a CertificateStore component that loads installed certificates from the system store or generates a new certificate with the given parameters. With a self-signed certificate, TcpClientConnection cannot validate the certificate authority, so the CertificateFlags property lets you ignore particular validation errors:
    tlsStream.CertificateFlags = CertificateFlags.IgnoreCommonNameInvalid | CertificateFlags.IgnoreUnknownAuthority;
Be aware of what these flags give up. IgnoreUnknownAuthority accepts any certificate whose issuer is unknown, including one presented by an attacker sitting between client and server, and IgnoreCommonNameInvalid removes the check that the certificate belongs to the host you dialled. Together they leave the data encrypted but the server unauthenticated. They are acceptable for development and testing; in production either install your issuing certificate in the client's trusted store, or keep validation on and additionally verify that the certificate the server presents is exactly the one you issued, for example by comparing its fingerprint.
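The following is an added example, not code from this article or from the Clever Internet .NET Suite: it builds the same client / server handshake on the .NET base class library's SslStream (assumes .NET 6 or later) and, instead of ignoring validation errors, pins the self-signed server certificate by its SHA-256 fingerprint. Everything about the demo set-up is an assumption: the throwaway certificate with subject CN=localhost, the PFX password "pw", the loopback listener on an OS-chosen port, and the greeting text. The second connection deliberately uses a wrong pin to show what a client sees when a different self-signed certificate (as a man-in-the-middle would present) is offered.

```csharp
using System;
using System.IO;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Threading.Tasks;

static class PinnedTlsDemo
{
    // Throwaway self-signed server certificate (assumption: subject CN=localhost, 30-day validity).
    static X509Certificate2 MakeSelfSignedCert()
    {
        using RSA key = RSA.Create(2048);
        var req = new CertificateRequest("CN=localhost", key, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using X509Certificate2 ephemeral = req.CreateSelfSigned(
            DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(30));
        // Round-trip through PFX so the private key is stored in a form SChannel accepts on Windows.
        return new X509Certificate2(ephemeral.Export(X509ContentType.Pfx, "pw"), "pw",
            X509KeyStorageFlags.Exportable);
    }

    // The pin: SHA-256 over the DER certificate, the value an operator ships to clients out of band.
    static string Fingerprint(X509Certificate cert) =>
        Convert.ToHexString(SHA256.HashData(cert.GetRawCertData()));

    // Client-side validator. Instead of "ignore unknown authority" it accepts exactly one certificate,
    // so our self-signed certificate works but an attacker's self-signed certificate does not.
    static RemoteCertificateValidationCallback PinTo(string expectedFingerprint) =>
        (sender, cert, chain, errors) => cert is not null && Fingerprint(cert) == expectedFingerprint;

    // Server: accept `connections` clients, handshake, send one greeting, close (close_notify ends the read).
    static async Task ServeAsync(TcpListener listener, X509Certificate2 cert, int connections)
    {
        for (int i = 0; i < connections; i++)
        {
            using TcpClient peer = await listener.AcceptTcpClientAsync();
            using var tls = new SslStream(peer.GetStream(), leaveInnerStreamOpen: false);
            try
            {
                // SslProtocols.None lets the OS choose; on every supported platform that excludes SSL 2.0/3.0.
                await tls.AuthenticateAsServerAsync(cert, clientCertificateRequired: false,
                    enabledSslProtocols: SslProtocols.None, checkCertificateRevocation: false);
                await tls.WriteAsync(Encoding.UTF8.GetBytes("hello from the pinned server"));
            }
            catch (Exception ex)   // a client that rejects our certificate aborts the handshake here
            {
                Console.WriteLine($"server: handshake failed ({ex.GetType().Name})");
            }
        }
    }

    // Client: connect, verify the pin during the handshake, read the greeting to end-of-stream.
    static async Task<string> ConnectAsync(int port, string pin)
    {
        using var client = new TcpClient();
        await client.ConnectAsync(IPAddress.Loopback, port);
        using var tls = new SslStream(client.GetStream(), false, PinTo(pin));
        await tls.AuthenticateAsClientAsync("localhost", null, SslProtocols.None, checkCertificateRevocation: false);
        Console.WriteLine($"client: negotiated {tls.SslProtocol} with {tls.NegotiatedCipherSuite}");
        using var reader = new StreamReader(tls, Encoding.UTF8);
        return await reader.ReadToEndAsync();
    }

    static async Task Main()
    {
        using X509Certificate2 serverCert = MakeSelfSignedCert();
        string pin = Fingerprint(serverCert);

        var listener = new TcpListener(IPAddress.Loopback, 0);   // port 0: any free loopback port
        listener.Start();
        int port = ((IPEndPoint)listener.LocalEndpoint).Port;
        Task server = ServeAsync(listener, serverCert, connections: 2);

        // 1. Correct pin: the handshake succeeds although no CA vouches for the certificate.
        Console.WriteLine(await ConnectAsync(port, pin));

        // 2. Wrong pin (a different certificate, e.g. a MITM's own self-signed one): refused.
        try
        {
            await ConnectAsync(port, new string('0', pin.Length));
            Console.WriteLine("client: BUG, wrong pin was accepted");
        }
        catch (AuthenticationException)
        {
            Console.WriteLine("client: wrong pin rejected, as intended");
        }

        await server;
        listener.Stop();
    }
}
```

Pinning replaces the PKI check entirely, so the callback above deliberately ignores the SslPolicyErrors argument: expiry, name and chain are all subsumed by "is this byte-for-byte the certificate we issued". The price is operational: when the server certificate is reissued, every client's pin has to be updated, which is why production pinning is usually done against a CA or key you control rather than a leaf certificate.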
The following is a sample implementation of the SSL / TLS connections described in this article: ConnectionSSL.zip
Please note! This code runs in the main application thread, so it blocks the application GUI while sending, receiving or listening.
The Clever Internet .NET Suite provides different classes for creating client / server applications, either with a custom network protocol or with any of the supported TCP protocols: HTTP, FTP, SMTP etc. Let's use the TcpServer class as the base class for the server-side application and the TcpClient class for the client application.
TcpServer opens the listening port in a separate thread and awaits connections from TcpClient clients. All you need to do is override a few virtual methods and implement a new connection object:
    public class SslCommandConnection : CommandConnection
    {
        ... // here you can add any data associated with the client session
    }

    public class SslServer : TcpServer
    {
        protected override CommandConnection CreateDefaultConnection()
        {
            return new SslCommandConnection();
        }

        protected override void OnConnectionRead(ConnectionDataEventArgs e)
        {
            base.OnConnectionRead(e);
            // handle received data
        }
    }
In TcpClient you need to implement some scheme that tells the receiver the size of the transferred data or the structure of the transferred message, so the client can determine where the data or message ends. The sample sends an 8-byte length prefix in front of the payload:
    public void ReceiveData(Stream data)
    {
        ... // read the size of the incoming data
        while (stream.Length < 8)
        {
            Connection.ReadData(stream);
        }
        stream.Position = 0;
        byte[] buf = new byte[8];
        stream.Read(buf, 0, buf.Length);
        long len = BitConverter.ToInt64(buf, 0);   // the prefix is 8 bytes, so decode all 8 (ToUInt32 would read only 4)
        ... // receive the remaining data from the server
        while (data.Length < len)
        {
            Connection.ReadData(data);
        }
    }
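The snippet above assumes the size prefix arrives on its own and trusts the value it carries. The added example below, not the article's or the suite's code and written against the .NET base class library only (assumes .NET 6 or later), shows a length-prefixed reader that copes with partial reads, stops exactly at the frame boundary so the next frame is not swallowed, and caps the announced length before allocating, because the prefix is data from the peer. The 1 MiB cap, the 4-byte big-endian header and the sample payloads (including the constructed hostile and truncated headers) are assumptions made for the demo.

```csharp
using System;
using System.Buffers.Binary;
using System.IO;
using System.Text;

// Length-prefixed framing: 4-byte big-endian length, then the payload.
static class Framing
{
    // Assumption: no legitimate message exceeds 1 MiB. A peer-supplied length is untrusted input;
    // without a cap, a header announcing 4 GB makes the reader allocate 4 GB before a single payload byte arrives.
    public const uint MaxFrame = 1 << 20;

    public static void WriteFrame(Stream s, byte[] payload)
    {
        if ((uint)payload.Length > MaxFrame) throw new ArgumentException("payload exceeds MaxFrame");
        Span<byte> header = stackalloc byte[4];
        BinaryPrimitives.WriteUInt32BigEndian(header, (uint)payload.Length);
        s.Write(header);
        s.Write(payload, 0, payload.Length);
        s.Flush();
    }

    public static byte[] ReadFrame(Stream s)
    {
        uint len = BinaryPrimitives.ReadUInt32BigEndian(ReadExactly(s, 4));
        if (len > MaxFrame) throw new InvalidDataException($"frame length {len} exceeds MaxFrame");
        return ReadExactly(s, (int)len);
    }

    // Stream.Read may return fewer bytes than requested (TLS record boundaries, socket fragmentation),
    // and 0 means the peer closed. Loop until exactly n bytes have arrived and never read past them.
    static byte[] ReadExactly(Stream s, int n)
    {
        byte[] buf = new byte[n];
        int got = 0;
        while (got < n)
        {
            int r = s.Read(buf, got, n - got);
            if (r == 0) throw new EndOfStreamException($"peer closed after {got} of {n} bytes");
            got += r;
        }
        return buf;
    }
}

// Test double standing in for a socket that delivers one byte per Read call.
sealed class TrickleStream : Stream
{
    private readonly MemoryStream _inner;
    public TrickleStream(byte[] data) => _inner = new MemoryStream(data);
    public override int Read(byte[] buffer, int offset, int count) => _inner.Read(buffer, offset, Math.Min(1, count));
    public override bool CanRead => true;
    public override bool CanSeek => false;
    public override bool CanWrite => false;
    public override long Length => throw new NotSupportedException();
    public override long Position { get => throw new NotSupportedException(); set => throw new NotSupportedException(); }
    public override void Flush() { }
    public override long Seek(long offset, SeekOrigin origin) => throw new NotSupportedException();
    public override void SetLength(long value) => throw new NotSupportedException();
    public override void Write(byte[] buffer, int offset, int count) => throw new NotSupportedException();
}

static class FramingDemo
{
    static void Main()
    {
        // Two back-to-back frames in one buffer: the reader must stop at each frame boundary.
        var wire = new MemoryStream();
        Framing.WriteFrame(wire, Encoding.UTF8.GetBytes("first message"));
        Framing.WriteFrame(wire, new byte[] { 0x00, 0xFF, 0x10 });   // binary payload that contains a NUL byte

        var rx = new TrickleStream(wire.ToArray());
        Console.WriteLine(Encoding.UTF8.GetString(Framing.ReadFrame(rx)));
        Console.WriteLine(BitConverter.ToString(Framing.ReadFrame(rx)));

        // Constructed hostile header: length 0xFFFFFFFF with no payload. Rejected before any allocation.
        try
        {
            Framing.ReadFrame(new TrickleStream(new byte[] { 0xFF, 0xFF, 0xFF, 0xFF }));
            Console.WriteLine("BUG: oversized frame accepted");
        }
        catch (InvalidDataException ex)
        {
            Console.WriteLine($"rejected: {ex.Message}");
        }

        // Constructed truncated frame: header promises 10 bytes, the peer sends 3 and closes.
        try
        {
            Framing.ReadFrame(new TrickleStream(new byte[] { 0, 0, 0, 10, 1, 2, 3 }));
        }
        catch (EndOfStreamException ex)
        {
            Console.WriteLine($"truncated: {ex.Message}");
        }
    }
}
```

The same ReadFrame / WriteFrame pair works unchanged over an SslStream or any other Stream; TLS protects the bytes in transit but says nothing about where one application message ends and the next begins, so the framing, and the bound on the announced length, still belong to the application.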
A working sample of a multithreaded client / server application can be downloaded at: ClientServerSSL.zip
The Clever Internet .NET Suite provides two additional classes for implementing custom client and server applications: TcpCommandClient and TcpCommandServer. Both are optimized for command-based protocols such as FTP, SMTP or POP3, and you are free to use them to implement your own TCP command-based protocol. Details about using these classes will be discussed in a future article.
Please feel free to contact me at info@clevercomponents.com. It will be my pleasure to answer your questions.
Downloads:
- ConnectionSSL.zip - SSL / TLS connections
- ClientServerSSL.zip - SSL / TLS client / server
- Clever Internet .NET Suite installations
Best regards, Sergey Shirokov Clever Components team. www.clevercomponents.com