ASP.NET Core grpc client : configuring HTTP authorization

0

Following the documentation at https://docs.microsoft.com/fr-fr/aspnet/core/grpc/authn-and-authz?view=aspnetcore-3.0#bearer-token-authentication, I try to configure my GRPC client to automatically inject a JWT token.

    private static GrpcChannel CreateAuthenticatedChannel(string address)
    {
        var _token = "xxx"; //using some hardcoded JWT token for testing
        var credentials = CallCredentials.FromInterceptor((context, metadata) =>
        {
            if (!string.IsNullOrEmpty(_token))
            {
                metadata.Add("Authorization", $"Bearer {_token}");
            }
            return Task.CompletedTask;
        });

        var channel = GrpcChannel.ForAddress(address, new GrpcChannelOptions
        {
            Credentials = ChannelCredentials.Create(ChannelCredentials.Insecure, credentials)
        });
        return channel;
    }

But it chokes on an exception "Supplied channel credentials do not allow composition" in Grpc.Core

System.ArgumentException
  HResult=0x80070057
  Message=Supplied channel credentials do not allow composition.
  Source=Grpc.Core.Api
  StackTrace:
   at Grpc.Core.Utils.GrpcPreconditions.CheckArgument(Boolean condition, String errorMessage)
   at Grpc.Core.ChannelCredentials.CompositeChannelCredentials..ctor(ChannelCredentials channelCredentials, CallCredentials callCredentials)
   at Grpc.Core.ChannelCredentials.Create(ChannelCredentials channelCredentials, CallCredentials callCredentials)
   at Service2.StartupCommon.CreateAuthenticatedChannel(String address) in xxx\Service2\StartupCommon.cs:line 32

What does this mean ? How am I suppose to provide the HTTP Authorization header ?

asp.net-core
grpc
asp.net-core-3.0
asked on Stack Overflow Nov 22, 2019 by Christophe Blin

1 Answer

0

After some digging in the Grpc source code for c#, especially https://github.com/grpc/grpc/blob/master/src/csharp/Grpc.Core.Api/ChannelCredentials.cs, we can see that ChannelCredentials.Insecure does not override IsComposable (whereas SslCredentials that is available at Grpc.Core.Api/SslCredentials.cs does override that setting)

So i think it is intended by the authors to prevent credentials on insecure channel and you have to use new SslCredentials().

So I've tried to setup HTTPS on my local machine, and after some problems (i.e I had to create an ASP.NET web api project and start it so it propose to create an HTTPS certificate and to add it into the Windows trusted authorities, more or less based on Enable SSL in Visual Studio), everything works

So if there are some people from microsoft ASP.NET core documentation, please revise your documentation :

// SslCredentials is used here because this channel is using TLS.
// Channels that aren't using TLS should use ChannelCredentials.Insecure instead.
var channel = GrpcChannel.ForAddress(address, new GrpcChannelOptions
{
    Credentials = ChannelCredentials.Create(new SslCredentials(), credentials)
});

This is not true : you MUST use a secured channel to be able to change credentials

answered on Stack Overflow Nov 22, 2019 by Christophe Blin

User contributions licensed under CC BY-SA 3.0