Site Map Contact Us Home
Home
Products
Articles
Downloads
Order
Support
E-mail Newsletter
Subscribe to get informed about
Clever Components news.
Your Name:
Your Email:
 
SUBSCRIBE
 
Previous Newsletters
 




Products Articles Downloads Order Support
Customer Portal      

SSL client / server for .NET

Submitted on February 8, 2007, Updated on April 19, 2010

Introduction

This article demonstrates how to exchange data in .NET using SSL / TLS classes from Internet Components - Clever Internet .NET Suite

See Clever Internet .NET Suite v 7.1 Notes

When developing Network applications, it may be necessary to transfer sensitive data between client and server. Network traffic can be easily intercepted and read by Network sniffers. The Clever Internet .NET Suite provides a set of classes which allow you to protect sensitive data by using SSL / TLS security protocol and transfer encrypted data over the Internet.

No HTTPS, FTPS or any other standard TCP protocol with SSL / TLS support required. The whole data is encrypted and transferred by simple set of native C# .NET classes.

Client and server connections

There are two classes representing client and server Network connections and implementing functionality for sending / receiving data over the Internet: TclClientConnection and TcpServerConnection:

TcpClientConnection client = new TcpClientConnection();
TlsNetworkStream tlsStream = new TlsNetworkStream();
client.NetworkStream = tlsStream;

client.Open(ip, port);
...

TcpServerConnection server = new TcpServerConnection();
TlsNetworkStream tlsStream = new TlsNetworkStream();
server.NetworkStream = tlsStream;

server.Open(port);
...

Both TclClientConnection and TcpServerConnection classes use special NetworkStream object to implement low-level Network communication. To make connections secured, you need to supply the TlsNetworkStream object which does all the work.

The Clever Internet .NET Suite supports different SSL / TLS protocol versions and allows you to specify server and client certificates:

tlsStream.TlsFlags = TlsFlags.UseTLS; //also available SSL 2.0 and SSL 3.0
tlsStream.GetCertificate += new GetCertificateEventHandler(GetServerCertificate);
tlsStream.RequireClientCertificate = true;

Certificates for secured connection

For establishing secured connection, SSL requires at least one certificate: the SSL certificate provided by server. You can use any SSL certificate installed on your PC as well as your own self-signed certificate. The Clever Internet .NET Suite provides special CertificateStore component which can load installed certificates from system storage or generate new certificate with given parameters. In case of using self-signed certificates, the TcpClientConnection does not automatically validate the certificate authority. So you need to use special CertificateFlags property which allows you to ignore certificate validation errors:

tlsStream.CertificateFlags = CertificateFlags.IgnoreCommonNameInvalid
   | CertificateFlags.IgnoreUnknownAuthority;

The following is a sample implementation of the SSL / TLS connections described in this article:
ConnectionSSL.zip

Please note! This code is working in the main application thread. So it is blocking the application GUI while sending, receiving or listening operations.

Multithreaded SSL client / server

The Clever Internet .NET Suite provides different classes for creating client / server applications either with custom Network protocol or any of the supported TCP protocols: HTTP, FTP, SMTP etc. Let's use the TcpServer class as basic class for implementing server-side application and the TcpClient class - for client application.

TcpServer opens listening port in separated thread and awaits connections from TcpClient clients. All what you need is to override some virtual methods and implement new connection object:

public class SslCommandConnection : CommandConnection {
...//here you can add any data associated with client session
}

public class SslServer : TcpServer {
   protected override CommandConnection CreateDefaultConnection() {
      return new SslCommandConnection();
   }

   protected override void OnConnectionRead(ConnectionDataEventArgs e) {
      base.OnConnectionRead(e);

      //handle received data
   }
}

In TcpClient, you need to implement some algorithm for providing information about the size of transferred data or about the structure of transferred message. This allows the client to determine the end of the transferred data or message:

public void ReceiveData(Stream data) {
   ...
   //read size of incoming data
   while(stream.Length < 8) {
      Connection.ReadData(stream);
   }
   stream.Position = 0;
   byte[] buf = new byte[8];
   stream.Read(buf, 0, buf.Length);
   long len = BitConverter.ToUInt32(buf, 0);

   ...
   //receive remaining data from server
   while(data.Length < len) {
      Connection.ReadData(data);
   }
}

A working sample of multithreaded client / server application can be downloaded at: ClientServerSSL.zip

In conclusion

The Clever Internet .NET Suite provides two additional classes for implementing custom client and server applications: TcpCommandClient and TcpCommandServer. Both these classes are optimized for using in command-based protocols such as FTP, SMTP or POP3. You are free to use it for implementing your own TCP command-based protocol. Details about using these classes will be discussed in one of the future articles.

Please feel free to Contact Us It will be our pleasure to answer your questions.

Clever Internet .NET Suite v 7.1 Notes

The newer version of the Clever Internet Suite has some changes in classes and methods. You will need to update sample code from this article in order to compile it with the latest version 7.1. Please see below the necessary code changes:

ConnectionSSL sample:

  • The TcpServerConnection.AcceptConnection method should be renamed to Accept.
  • The CertificateStore.AddSelfSigned method should be renamed to CreateSelfSigned. The CreateSelfSigned method does not add new certificate to the Items collection. You will have to do that manually: certStore.Items.Add(newCert);
    Also this method no longer accepts date range parameters. You need to use the corresponding properties of the CertificateStore component: ValidFrom and ValidTo.
  • TlsNetworkStream - it is necessary to specify TargetName in order to allow the client to verify server certificate.
  • CertificateFlags enum was renamed to CertificateVerifyFlags.

ClientServerSSL sample:

  • All changes from ConnectionSSL sample.
  • The StringStream.StringData property was renamed to DataString.
  • SslClient - it is necessary to implement abstract method: GetDefaultPort.
  • The SslCommandConnection class should be inherited from UserConnection instead of CommandConnection.
  • SslServer - the CreateDefaultConnection method should return UserConnection.

The updated samples can be downloaded here:

Best regards,
Sergey Shirokov 
Clever Components team.
www.clevercomponents.com

    Copyright © 2000-2024