[Mono-dev] Remothing through HTTPS
robertj at gmx.net
Wed Sep 7 07:10:19 EDT 2005
both Mono's and .NET's Http*Server*Channel don't support https.
You might try something like that:
> Hi all.
> I am doing an remoting application
> and have a Win32 Client with MS .NET v1.1
> and a Linux (Fedora Core 3 x86) Server with Mono 126.96.36.199.
> The different clients will call the remote objects methods
> on the server.
> Among other things the clients will upload a file to the server.
> I (now) only uses "normal" calls to upload a file -
> no "callbacks" any more.
> The server will be located at our place.
> The clients will be users of "services", running on our server.
> The remote objects is currently hosted by an Console application,
> but is planned to be hosted by a Windows service (on Linux / Mono :-)).
> I have gotten this working with HTTP.
> I now will try to do this with HTTPS (on port 443),
> to get a secure tunnel between the client and the server.
> We would like to use SSL with both encryption and authentication,
> through x509 certificates.
> The certificates should (preferable) be self signed.
>>From my testings and readings I have found that:
> 1) My Win32 client uses Tls.
> 2) The Win32 client certificates should be:
> a) Set in the ClientCertificates property of the HttpWebRequest.
> b) The client certificate must be installed in
> the LOCAL_MACHINE registry hive.
> (Se: KB895971 at http://support.microsoft.com/?kbid=895971).
> 3) .NET prefer the DER format (called .cer)
> but may also use the .p12 format.
> 4) From the Microsoft .NET documentation,
> I have found support only for certificate authentication
> through ASP.NET/IIS-hosting - In MS .NET v1.1.
> 5) There is some support for SSL in Mono,
> and I have succeeded to install certificates in Mono through certmgr
> (but I may have done it wrong. No real test yet).
> What I wonder is weather this approach gonna work with .NET Remoting
> and with different Win32 MS .NET clients calling a Linux Mono server?.
> Do I have to customize any part of the SSL handshake?.
> On the remote objects methods, I would like to have
> access checks on the users .NET Roles.
> Is it possible to impersonate the principal and add .NET Roles
> to that principal when the remote objects is hosted in
> a Console application or a Windows service (in Linux / Mono)?.
> Further, I am not really sure about how to set up the certificates
> on the Mono server for SSL.
> I assume the the certificates should be placed in the machine store.
> I have the certificates in DER (.cer) format.
> Should the CA certificate be placed in the CA store
> or in the Trust store?. Any more to think about?.
> I assume that the server certificate should be placed
> in the Trust store (of the machine store).
> I hope this is right.
> // Regards
> Yngve Zackrisson.
More information about the Mono-devel-list