How can I do simple channel authentication with gRPC in dotnet?
I want to pass just the client machine name and the client service name during the channel connection, and then be able of getting those in the server once, as a way of identifying where are the request coming from.
I do not want to pass them as metadata in every call, and I do not want to implement an additional method for that. I have been taking a look to the documentation and trying to implement some abstract classes like ServerCredentials but I do not see how it would be done neither if it is even possible due some internal classes.
Of course I do not want to use SSL certs for this, neither OAuth2.
Auth Data in Metadata
Passing them in metadata one good solution. Take a look at hpack. Your header will be compressed, will take only a few bytes.
You cannot bind your auth data to the channel, as it is not guaranteed in HTTP/2, that the same TCP channel will be used for subsequent calls.
That said, I am still waiting for a proper example form the GRPC java team on Metadata based custom authentication.
Stream-based authentication
Stream-based authentication is also an option in case you want to save auth data between subsequent calls of the same API. In my interpretation this it means, that you have to pass authentication data only in the beginning of a stream. Your StreamObserver can then save the authentication data and reuse it in subsequent onNext() calls. I use this approach, it works really well.
Example
service MyService {
rpc myFunction(stream MyMessage) returns (stream MyResponse)
}
message MyMessage {
string user = 1;
string password = 2;
int32 myMessageVariable = 3;
}
user / password should only be set in the first onNext(myMessage) call on the requestObserever.
This is also really efficient, because on the wire the stream is represented by the StreamId which is a single byte (depending on how many streams you have open at the same time).
来源:https://stackoverflow.com/questions/50725167/custom-channel-based-authentication-with-grpc