grpc .net-core app not visible from outside local - .net-core

I have grpc dotnet core app, dotnet core version 2.1.
App runs fine when executed on local maschine and accessed from that maschine. When I want to access it from other machine (althought firewall disabled, port opened) I can't access it. I think it is something to the code. I'm not dotnet developer but have some microservice legacy code:). Can it be that problem is in Grpc.Core Server class?
Please help out
Code:
using System;
using System.Collections.Generic;
using System.IO;
using Grpc.Core;
...
static void Main()
{
const int port = 4000;
const string host = "localhost";
var cert = File.ReadAllText("cert.pem");
var key = File.ReadAllText("key.pem");
var keypair = new KeyCertificatePair(cert, key);
var server = GetServer(port, host, keypair);
server.Start();
server.ShutdownTask.Wait();
}
private static Server GetServer(int port, string host, KeyCertificatePair keypair)
{
return new Server
{
Services = { SomeService.BindService(new SomeServiceImpl()) },
Ports = { new ServerPort(host, port, new SslServerCredentials(new List<KeyCertificatePair>
{
keypair
}))}
};
}

Your code explicitly says const string host = "localhost"; which means that it will only listen on the loopback interface (= not accessible from other machines). Use e.g. "[::]" or "0.0.0.0" to listen on all network interfaces.

Related

Android emulator port forwarding results in ERR_EMPTY_RESPONSE

My scenario is as follows. I have an Android Emulator which is hosting an EmbedIO web server through an App. When I try to access the URL to the web server from the host machine's (Mac) browser I receive ERR_EMPTY_RESPONSE error.
I have issued the following port forwarding commands through ADB:
adb forward tcp:8080 tcp:8080
In the browser I am navigating to: http://localhost:8080/api/ChangeBackGround
and the Android emulator web server is listening on: http://10.0.2.16:8080/api/ChangeBackGround
Here is the code that starts the web server in the Xamarin Forms App (runs on Android Emulator):
public static class WebServerFactory
{
public static WebServer CreateWebServer<T>(string url, string baseRoute)
where T : WebApiController, new()
{
var server = new WebServer(url)
.WithWebApi(baseRoute, api => api.WithController<T>());
// Listen for state changes.
server.StateChanged += (s, e) => Debug.WriteLine($"WebServer New State - {e.NewState}");
return server;
}
}
public class EventController : WebApiController
{
[Route(HttpVerbs.Get, "/ChangeBackGround")]
public void ChangeBackGround()
{
Device.BeginInvokeOnMainThread(() =>
{
App.Current.MainPage.BackgroundColor = Color.Green;
});
}
}
public partial class App : Application
{
public App()
{
InitializeComponent();
MainPage = new MainPage();
}
private WebServer _WebServer;
protected override void OnStart()
{
var localIPAddress = GetLocalIPAddress();
var url = $"http://{localIPAddress}:8080";
Task.Factory.StartNew(async () =>
{
_WebServer = WebServerFactory.CreateWebServer<EventController>(url, "/api");
await _WebServer.RunAsync();
});
((MainPage)MainPage).Url = url;
}
private string GetLocalIPAddress()
{
var IpAddress = Dns.GetHostAddresses(Dns.GetHostName()).FirstOrDefault();
if (IpAddress != null)
return IpAddress.ToString();
throw new Exception("Could not locate IP Address");
}
protected override void OnSleep()
{
}
protected override void OnResume()
{
}
}
The scenario currently works on the iOS simulator and an Android physical device. But I always get ERR_EMPTY_RESPONSE even when I've setup the port forwarding rules.
Any help would be much appreciated.
Please first make sure your android emulator could connect internet properly.
If the problem perisist, you can try the following methods:
Method 1:
1.start your Command prompt by runing as an admistrator;
2.Run the following commands in sequence:
netsh int ip reset c:\resetlog.txt
netsh winsock reset
ipconfig /flushdns
exit
Method 2: (If method 1 didn't work,try modthod 2)
Open your Control Panel -->NetWork and Internet-->Network and Sharing Center-->Change adapter settings-->right click Ethenet and click Properties-->select Internet Protocol 4-->click Properties -->using the following NDS server addresses
Fill in the following configuration:
Preferred NDS Server: 1.1.1.1
Alternate NDS Server: 1.0.0.1
Method 3: (If above methods didn't work,try modthod 3)
Open Settings in your PC-->Open NetWork and Internet-->click Nnetwork reset-->press Reset Now
Note:
For more details, you can enter keywords How to fix "ERR_EMPTY_RESPONSE" Error [2021] in your browser and then you will find relative tutorail.
You should have you service listening on either one of these IPs:
127.0.0.1: The emulated device loopback interface (preferred, I don't think you have reasons to use a different one)
10.0.2.15: The emulated device network/ethernet interface
See https://developer.android.com/studio/run/emulator-networking#networkaddresses

Can you run a asp.net core 3.0 gRPC CLIENT in IIS? (possibly on Azure?)

I've read a lot of conflicting information about this and it seems people are not 100% clear on what is possible and what is not. I am certain that you cannot host a gRPC server app in IIS due to the HTTP/2 limitations. The documentation is pretty clear. However, I want to use IIS as a reverse proxy, with the internal side communicating using gRPC. So the client would be in IIS, not the server. I assumed that since the communication at this point (i.e. the back end) was not funneled through IIS, there would be no issue with this. However, I keep seeing mixed answers.
I have created a dumb webapp that is hosted in IIS Express and can successfully post to my service running on Kestrel with gRPC.
Client code sample below. The SubmitButton is just a form post on the razor page.
public async void OnPostSubmitButton()
{
// The port number(5001) must match the port of the gRPC server.
using var channel = GrpcChannel.ForAddress("https://localhost:5001");
var client = new Greeter.GreeterClient(channel);
var reply = await client.SayHelloAsync(
new HelloRequest { Name = "GreeterClient" });
Console.WriteLine("Greeting: " + reply.Message);
Console.WriteLine("Press any key to exit...");
Console.ReadKey();
}
Server code is the boilerplate template for gRPC but looks like this:
namespace grpcGreeter
{
public class Program
{
public static void Main(string[] args)
{
CreateHostBuilder(args).Build().Run();
}
// Additional configuration is required to successfully run gRPC on macOS.
// For instructions on how to configure Kestrel and gRPC clients on macOS, visit https://go.microsoft.com/fwlink/?linkid=2099682
public static IHostBuilder CreateHostBuilder(string[] args) =>
Host.CreateDefaultBuilder(args)
.ConfigureWebHostDefaults(webBuilder =>
{
webBuilder.UseStartup<Startup>();
});
}
}
namespace grpcGreeter
{
public class GreeterService : Greeter.GreeterBase
{
private readonly ILogger<GreeterService> _logger;
public GreeterService(ILogger<GreeterService> logger)
{
_logger = logger;
}
public override Task<HelloReply> SayHello(HelloRequest request, ServerCallContext context)
{
return Task.FromResult(new HelloReply
{
Message = "Hello " + request.Name
});
}
}
}
This works. But, because I keep seeing mixed information saying it that it won't, I am not certain that once I go to deploy the client code (i.e. the reverse proxy), if I will run into problems. I would like to use a host like Azure...but don't know if it's possible or not.
Any clarity on the subject would be greatly appreciated.
As far as I know, we could use asp.net core mvc or razor page application as the client to call the grpc server.
But gRPC client requires the service to have a trusted certificate when you hosted the application on remote server IIS.
If you don't have the permission to install the certificate, you should uses HttpClientHandler.ServerCertificateCustomValidationCallback to allow calls without a trusted certificate.
Notice: this will make the call not security.
Additional configuration is required to call insecure gRPC services with the .NET Core client. The gRPC client must set the System.Net.Http.SocketsHttpHandler.Http2UnencryptedSupport switch to true and use http in the server address.
Code as below:
AppContext.SetSwitch(
"System.Net.Http.SocketsHttpHandler.Http2UnencryptedSupport", true);
var httpClientHandler = new HttpClientHandler();
// Return `true` to allow certificates that are untrusted/invalid
httpClientHandler.ServerCertificateCustomValidationCallback =
HttpClientHandler.DangerousAcceptAnyServerCertificateValidator;
var httpClient = new HttpClient(httpClientHandler);
var channel = GrpcChannel.ForAddress("https://localhost:5001",
new GrpcChannelOptions { HttpClient = httpClient });
var client = new Greeter.GreeterClient(channel);
var response = await client.SayHelloAsync(new HelloRequest { Name = "World" });

How can I manually (programatically) verify a server is trusted via a bridge certificate?

I need to verify that a server is trusted in the machine root certificate store but need to accommodate the scenario that a bridge CA could be used.
According to MSDN, this method of using a TCPClient, then opening the socket seems to be the most preferred way to inspect a SSL Stream's certificate.
When my function hits the ValidateServerCertificate function, I intend to inspect the chain object to determine if a Root certificate is stored in the trusted root certificate store on the computer. Easy enough.
The complexity (and lack of knowledge) comes in when I need to follow a
"bridge certificate" that is used to cross sign multiple PKI trees. I'm unsure if the bridge certificate will appear in the local store, the chain, or some other place (if at all).
Furthermore I'm unsure how to follow the branching logic that may occur, since the bridge can occur at any level of the tree.
Suggestions, direction, or a flowchart is welcome
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Threading.Tasks;
namespace sockittome
{
class Program
{
static void Main(string[] args)
{
string machineName = "pesecpolicy.bankofamerica.com";
// Create a TCP/IP client socket.
// machineName is the host running the server application.
TcpClient client = new TcpClient(machineName, 443);
// Create an SSL stream that will close the client's stream.
SslStream sslStream = new SslStream(
client.GetStream(),
false,
new RemoteCertificateValidationCallback(ValidateServerCertificate),
null
);
// The server name must match the name on the server certificate.
try
{
sslStream.AuthenticateAsClient(machineName);
}
catch (AuthenticationException e)
{
Console.WriteLine("Exception: {0}", e.Message);
if (e.InnerException != null)
{
Console.WriteLine("Inner exception: {0}", e.InnerException.Message);
}
Console.WriteLine("Authentication failed - closing the connection.");
client.Close();
return;
}
}
// The following method is invoked by the RemoteCertificateValidationDelegate.
public static bool ValidateServerCertificate(
object sender,
X509Certificate certificate,
X509Chain chain,
SslPolicyErrors sslPolicyErrors)
{
// How do I verify the root certificate is installed?
// What is the simple way (check certificate hash in the computer store)?
// What is the complete way (look for bridge certificates ?????)
if (sslPolicyErrors == SslPolicyErrors.None)
return true;
Console.WriteLine("Certificate error: {0}", sslPolicyErrors);
// Do not allow this client to communicate with unauthenticated servers.
return false;
}
}
}

ASP.net app connection REDIS SocketFailure on Ping

I just installed the REDIS server in one of my development servers. And i am trying to connect my localhost application with this external server. I am using StackExchange.REDIS api to make the connection to this REDIS server located at my internal development server 10.26.130.170. I installed the REDIS software with everything default, and made no customization's so far.
Here is the connection class from my project ::
public sealed class RedisSingleton
{
private static Lazy<ConfigurationOptions> configOptions = new Lazy<ConfigurationOptions>(() =>
{
var configOptions = new ConfigurationOptions();
configOptions.EndPoints.Add("10.26.130.170:6379");
configOptions.ClientName = "MyAppRedisConn";
configOptions.ConnectTimeout = 100000;
configOptions.SyncTimeout = 100000;
configOptions.AbortOnConnectFail = true;
return configOptions;
});
private static Lazy<ConnectionMultiplexer> LazyRedisconn = new Lazy<ConnectionMultiplexer>(
() => ConnectionMultiplexer.Connect(configOptions.Value));
public static ConnectionMultiplexer ActiveRedisInstance
{
get
{
return LazyRedisconn.Value;
}
}
}
Please advise on some suggestions. Is there a way i can quickly check in my localhost and verify the connection reach to the REDIS server at the port 6379 using ping or some other command.
The 6379 port is not open on the remote server of redis. I found it with the help of the windows PortQueryUI tool.
I found the solution by opening the port at the remote server.
https://stackoverflow.com/a/40164691/86023

Set IP address of HttpWebRequest

I have a site with a fixed IP address, and I make c# calls to backend data server methods via HttpWebRequest. This backend system will be set to only permit incoming requests from my site's IP fixed address.
Is there a way to set the IP address of the HttpWebRequest to my site's IP (I suspect my cloud host or .net is somehow permitting other IPs being used)?
I'm not trying to spoof an IP; I want ensure that my asp.net code uses the site's own dedicated IP, or at least check to see what IPs it may be using when it makes requests.
Use the HttpWebRequest.ServicePoint.BindIPEndPointDelegate property:
request.ServicePoint.BindIPEndPointDelegate = delegate
{
return new IPEndPoint(IPAddress.Parse("10.0.0.3"), 0);
};
Example:
using System;
using System.Net;
using System.IO;
class Program
{
public static void Main ()
{
var request = (HttpWebRequest)HttpWebRequest.Create ("http://smsc.vianett.no/ip/");
request.ServicePoint.BindIPEndPointDelegate = delegate { return new IPEndPoint(IPAddress.Parse("YOUR_IP_HERE"), 0); };
var response = (HttpWebResponse)request.GetResponse ();
Console.WriteLine (new StreamReader (response.GetResponseStream ()).ReadToEnd ());
}
}

Resources