FullFramework (.Net 4.7.2) Client with .Net 5 gRPC Serivce and kestrel -- How to get the communication working (SSL)

[rizi]

At the moment we need that an old application(.net 4.7.2) request data from a new application (.net 5.0) via gRPC.
However the client for the full framework seems not to send the certificate to the server automatically, therefore we are doing it manually (at the moment), like so (taken from https://stackoverflow.com/questions/58125102/grpc-net-client-fails-to-connect-to-server-with-ssl) :

CallCredentials credentials = CallCredentials.FromInterceptor((context, metadata) =>
                                                                                          {
                                                                                              metadata.Add("SecurityTokenId", "someKey");
                                                                                              
                                                                                              return Task.CompletedTask;
                                                                                          });

           ChannelCredentials channelCredentials = ChannelCredentials.Create(new SslCredentials(certificate), credentials);

           Channel channel = new Channel("localhost", 44301, channelCredentials);

           ProjectInlayDataService.ProjectInlayDataServiceClient client = new ProjectInlayDataService.ProjectInlayDataServiceClient(channel);
           
           GetProjectInlayDataResponse result = client.GetProjectInlayDataAsync(new GetProjectInlayDataRequest {
                                                                                                                   PackageIds =
                                                                                                                   {
                                                                                                                       "test"
                                                                                                                   }
                                                                                                               }).Ge

public static string GetRootCertificates()
       {
           StringBuilder builder = new StringBuilder();

           X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);

           try
           {
               store.Open(OpenFlags.ReadOnly);

               foreach (X509Certificate2 mCert in store.Certificates)
               {
                   builder.AppendLine(
                       "# Issuer: " + mCert.Issuer + "\n" +
                       "# Subject: " + mCert.Subject + "\n" +
                       "# Label: " + mCert.FriendlyName + "\n" +
                       "# Serial: " + mCert.SerialNumber + "\n" +
                       "# SHA1 Fingerprint: " + mCert.GetCertHashString() + "\n" +
                       ExportToPem(mCert) + "\n");
               }
           }
           catch (Exception exception)
           {
               Console.WriteLine("Get Root Certificates fails: " + exception);
               throw;
           }

           string certificates = builder.ToString();

           return certificates;
       }

       public static string ExportToPem(X509Certificate cert)
       {
           StringBuilder builder = new StringBuilder();

           builder.AppendLine("-----BEGIN CERTIFICATE-----");
           builder.AppendLine(Convert.ToBase64String(cert.Export(X509ContentType.Cert), Base64FormattingOptions.InsertLineBreaks));
           builder.AppendLine("-----END CERTIFICATE-----");

           return builder.ToString();
       }

This works fine, but when the grpc client and the grpc server are on different computer this does not work (of course) --> and now my question is how is this implemented in the grpcClient for .Net Core/.Net 5.0, because there it's working out of the box, some advice would be highly appreciated!

We don't want to store the certifiacte (pem) on the client and then read it from the disk and then use it, because everytime the certificate changes we would have to change the pem on the client as well (and we have a lot of services on different servers and also different stages).

[JamesNK]

Documentation for making gRPC calls is available here: https://docs.microsoft.com/en-us/aspnet/core/grpc/client?view=aspnetcore-5.0

Grpc.Net.Client integrates with the Windows cert store and doesn't require the client to specify a PEM certificate.

[rizi]

Documentation for making gRPC calls is available here: https://docs.microsoft.com/en-us/aspnet/core/grpc/client?view=aspnetcore-5.0

Grpc.Net.Client integrates with the Windows cert store and doesn't require the client to specify a PEM certificate.

Thx I now but does work Grpc.Net.Client with the FullFramework (.Net 4.7.2)? --> I thought this will only work with .Net Core v X and newer? Am I wrong?

And how the the Grpc.Net.Client interact with the Windows cert store when the client and server are on different computers?

[JamesNK]

https://docs.microsoft.com/en-us/aspnet/core/grpc/supported-platforms?view=aspnetcore-5.0#net-version-requirements

[rizi]

https://docs.microsoft.com/en-us/aspnet/core/grpc/supported-platforms?view=aspnetcore-5.0#net-version-requirements

I know that grpc.net.client only works for the new world (.net core/.net 5.0) therefore I use the Grpc Core package that works also for .net 4.7.2 applications.

The question is can you point me to the code in this repo where grpc.net.client figures out the correct certificate from the client so that this can be used for the communcation?

[JamesNK]

Grpc.Net.Client uses HttpClient internally. It automatically handles HTTPS related tasks.

[tdhintz]

The solution isn't clear to me... how is .Net 4.7.2 supported via Grpc.Net.Client? I have what I think is the same question for a .Net 4.8 client. I chose Grpc.Core because it works with netstandard 2.0 and 4.8. Moving to .Net 5 is not an option.

NuGet reports:

Severity	Code	Description
Error	NU1202	Package Grpc.Net.Client 2.35.0 is not compatible with netstandard2.0 (.NETStandard,Version=v2.0). Package Grpc.Net.Client 2.35.0 supports:
  - net5.0 (.NETCoreApp,Version=v5.0)
  - netstandard2.1 (.NETStandard,Version=v2.1)	

[JamesNK]

Docs are coming - dotnet/AspNetCore.Docs#21689

[tdhintz]

I see. It’s in NuGet pre-release.

[Pao-lino]

Excuse me, I wrote a gRPC server with .net 5, I need to build a client with .net framework 4.8.
Will that work ?

I've followed these:
https://docs.microsoft.com/en-us/aspnet/core/tutorials/grpc/grpc-start?view=aspnetcore-5.0&tabs=visual-studio
https://docs.microsoft.com/en-us/aspnet/core/grpc/netstandard?view=aspnetcore-5.0#net-framework

Even using System.Net.Http.WinHttpHandler version 6.0.0-preview.3.21201.4, I get this error:

Grpc.Core.RpcException
HResult=0x80131500
Messaggio=Status(StatusCode="Cancelled", Detail="No grpc-status found on response. Using gRPC with WinHttp has Windows and package version requirements. See https://aka.ms/aspnet/grpc/netstandard for details.")

[JamesNK]

You aren't using a supported version of Windows.

[Pao-lino]

You aren't using a supported version of Windows.

You are right, is there any workaround from .net framework ?

[JamesNK]

No