c# - How to access gRPC service from WPF running .NET 4.7.2?

Question

I have created a gRPC service in .NET Core which needs to be used from a legacy WPF application running on .NET 4.7.2. The existing WPF application is huge and can't be converted immediately to .NET Core and the effort isn't worth it just to use gRPC. My question is, is there a way to use the gRPC service from .NET 4.7.2 WPF?

Answer 1

I finally got a working solution for this problem with:

• Asp .NET Core 3.1 Server (using the new grpc-dotnet package) and
• .NET Framework 4.7.2 WPF-Client (using old C wrapper grpc package)

The main problem was to find a solution to accept a self-signed SSL server certificate from a remote client, which is a mandatory for our scenario.

The server gets a generated certificate using a solution like provided here (solution also works with any valid certificate): https://gist.github.com/mivano/356d4f0354d997370e3c2e62809cdeef

• adjusted Subject/FriendlyName to something more meaningful
• adjusted DnsName to the IP or Hostname of the server (which is used by the clients)
• adjusted NotAfter to desired end date
• adjusted $pfxPassword

Important thing to mention here: the DNS or IP of the server is verified by the client so it has to be part of the certificate.

gRPC Server was configured this way (could also be achieved through .appsettings.json):

 webBuilder.ConfigureKestrel(
    options =>
    {
        options.Listen(
            IPAddress.Any,
            <your port>,
            listenOptions =>
            {
                listenOptions.UseHttps("<your.pfx path>", "<your passphrase>");
                listenOptions.Protocols = HttpProtocols.Http2;
            });
    });

gRPC Client:

• Create a .pem File from your .pfx (using openssl):

openssl pkcs12 -in "<pfx path>.pfx" -out "<pem path>.pem" -clcerts

How do you create a gRPC client in .NET Framework?

• read the .pem File in your client and use it for the gRPC channel:

Channel:

var channelCredentials = new SslCredentials(
    File.ReadAllText("<path to pem>.pem"), null, verifyPeerCallback => true);
var serviceChannel = new Channel("<DnsName from cert", <port>, channelCredentials);
var serviceProxy = new GrpcService.GrpcServiceClient(serviceChannel );

The client can also be implemented to dynamically download the certificate from the server using a regualar HttpClient.Get with a proper HttpClientHandler and attached ServerCertifacteCustomValidationCallback. The pem has to be created in memory before the service channel creation: https://github.com/grpc/grpc/issues/8978#issuecomment-283469676