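I have already covered gRPC in detail in my earlier article "Using gRPC and IdentityServer4 with .NET Core 3.0", and mutual authentication over HTTPS in "HTTPS mutual authentication in ASP.NET 5.0 (Windows and Ubuntu)", which you can refer to. Today I mainly want to try doing the whole thing in VS Code. The certificates are the ones from the mutual authentication article; I will paste the code that creates them at the end.
gRPC Server
1. Create the gRPC server.
The result is shown in the figure:
2. Now create grpcclient (a console application), then copy the cert folder into the project folder. The cert folder contains the server.pfx and client.pfx certificates.
3. The grpcserver project needs the server.pfx certificate, and grpcclient needs the client.pfx certificate. I prefer relative paths, so the certificates are copied to the output directory.
Edit grpcserver.csproj in Notepad and add: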
<ItemGroup>
  <None Update="cert\server.pfx">
    <CopyToOutputDirectory>Always</CopyToOutputDirectory>
  </None>
</ItemGroup>
Likewise, grpcclient.csproj needs the same change:
<ItemGroup>
  <None Update="cert\client.pfx">
    <CopyToOutputDirectory>Always</CopyToOutputDirectory>
  </None>
</ItemGroup>
4. Modify the CreateHostBuilder method in grpcserver's Program.cs. These using directives need to be added:
using System.IO;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using Microsoft.AspNetCore.Server.Kestrel.Https;

public static IHostBuilder CreateHostBuilder(string[] args) =>
    Host.CreateDefaultBuilder(args)
        .ConfigureWebHostDefaults(webBuilder =>
        {
            webBuilder.UseStartup<Startup>();
            webBuilder.ConfigureKestrel(kestrel =>
            {
                kestrel.ConfigureHttpsDefaults(https =>
                {
                    // server.pfx is copied to the output directory by the csproj entry above
                    var serverPath = Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "cert", "server.pfx");
                    var serverCertificate = new X509Certificate2(serverPath, "123456789");
                    https.ServerCertificate = serverCertificate;
                    // Mutual authentication: a client that presents no certificate is rejected
                    https.ClientCertificateMode = ClientCertificateMode.RequireCertificate;
                    // gRPC runs over HTTP/2, which needs TLS 1.2 or later; TLS 1.0/1.1 are not offered
                    https.SslProtocols = SslProtocols.Tls12;
                    // Accept the client certificate only if its chain builds to a trusted root
                    https.ClientCertificateValidation = (cer, chain, error) =>
                    {
                        return chain.Build(cer);
                    };
                });
            });
        });
5. Pay attention to the operating system version. On Windows 7 I got the following error:
HTTP/2 over TLS is not supported on Windows versions earlier than Windows 10 and Windows Server 2016 due to incompatible ciphers or missing ALPN support.
Now modify grpcclient: copy the server's Protos/greet.proto to Protos/greet.proto in the client, and add an item group to the grpcclient.csproj project file:
<ItemGroup>
  <Protobuf Include="Protos\greet.proto" GrpcServices="Client" />
</ItemGroup>
Add the required package references:
dotnet add grpcclient.csproj package Grpc.Net.ClientFactory
dotnet add grpcclient.csproj package Google.Protobuf
dotnet add grpcclient.csproj package Grpc.Tools
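Client code:
using System;
using System.IO;
using System.Net.Http;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using Grpc.Net.Client;
// also add a using for the namespace set by csharp_namespace in greet.proto

class Program
{
    static void Main(string[] args)
    {
        var handler = new HttpClientHandler()
        {
            SslProtocols = SslProtocols.Tls12,
            ClientCertificateOptions = ClientCertificateOption.Manual,
            // Checks that the server certificate chain builds to a trusted root;
            // chain.Build does not look at the host name in the certificate
            ServerCertificateCustomValidationCallback = (message, cer, chain, errors) =>
            {
                return chain.Build(cer);
            }
        };
        // client.pfx is copied to the output directory by the csproj entry above
        var path = Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "cert", "client.pfx");
        var crt = new X509Certificate2(path, "123456789");
        handler.ClientCertificates.Add(crt);

        var channel = GrpcChannel.ForAddress("https://localhost:5001", new GrpcChannelOptions { HttpHandler = handler });
        var client = new Greeter.GreeterClient(channel);
        var reply = client.SayHello(new HelloRequest { Name = "GreeterClient" });
        Console.WriteLine("Greeting: " + reply.Message);
    }
}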
Run result:
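The validation callbacks above call chain.Build, which accepts a certificate that chains to any root the machine trusts. The following added example (not code from the original article) shows a server-side check pinned to a single private CA that also requires the client-authentication EKU. It needs .NET 5 or later, and the class name, helper methods and in-memory certificates are constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class PinnedCaValidator
{
    const string ClientAuthOid = "1.3.6.1.5.5.7.3.2"; // id-kp-clientAuth

    // True only if cert chains to the given CA and allows TLS client authentication.
    public static bool IsTrustedClient(X509Certificate2 cert, X509Certificate2 ca)
    {
        using var chain = new X509Chain();
        chain.ChainPolicy.TrustMode = X509ChainTrustMode.CustomRootTrust; // ignore machine roots
        chain.ChainPolicy.CustomTrustStore.Add(ca);
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck; // constructed CA has no CRL
        if (!chain.Build(cert)) return false;
        foreach (var ext in cert.Extensions)
            if (ext is X509EnhancedKeyUsageExtension eku)
                foreach (var oid in eku.EnhancedKeyUsages)
                    if (oid.Value == ClientAuthOid) return true;
        return false;
    }

    // Constructed sample data: in-memory CA and leaf certificates (hypothetical names).
    static X509Certificate2 MakeCa(string name)
    {
        using var key = RSA.Create(2048);
        var req = new CertificateRequest("CN=" + name, key, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        req.CertificateExtensions.Add(new X509BasicConstraintsExtension(true, false, 0, true));
        return req.CreateSelfSigned(DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(30));
    }

    static X509Certificate2 MakeLeaf(X509Certificate2 issuer, string ekuOid)
    {
        using var key = RSA.Create(2048);
        var req = new CertificateRequest("CN=demo-client", key, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        req.CertificateExtensions.Add(new X509EnhancedKeyUsageExtension(new OidCollection { new Oid(ekuOid) }, false));
        return req.Create(issuer, issuer.NotBefore, issuer.NotAfter, new byte[] { 1, 2, 3, 4 });
    }

    static void Main()
    {
        using var ourCa = MakeCa("Demo CA");
        using var otherCa = MakeCa("Other CA");
        Console.WriteLine(IsTrustedClient(MakeLeaf(ourCa, ClientAuthOid), ourCa));       // issued by our CA
        Console.WriteLine(IsTrustedClient(MakeLeaf(otherCa, ClientAuthOid), ourCa));     // issued by another CA
        Console.WriteLine(IsTrustedClient(MakeLeaf(ourCa, "1.3.6.1.5.5.7.3.1"), ourCa)); // serverAuth EKU only
    }
}
```

In step 4 this could be wired in as `https.ClientCertificateValidation = (cer, chain, error) => PinnedCaValidator.IsTrustedClient(cer, ca)`, where `ca` is the CA certificate that issued the client certificates (assumed to be loaded at startup). With a CA that publishes CRL or OCSP endpoints, set RevocationMode to Online instead of NoCheck.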