I am new to C # programming and have managed to develop an insecure C # web server server. The server works as expected when clients connect to the server from a browser and C # client application using ws://serverhostname:portnumber.
Now we need to move the production server to protect the websocket server. I tried to look for help on many sites, but still do not really understand how to maintain a secure connection on the network.
After much research on the Internet, I found that we are creating a secure websocket server below on the server.
- Create a signed certificate on the server to be used in
AuthenticateAsServer. - Use the class
SslStreamto create a secure stream.
But things that are still not clear to me.
- Do we need to use only an object
SslStreamto send and receive data on a secure web server, or do we need to use SslStreamonly to establish a connection, and then use a socket object (for example, my insecure server) to send and receive data to a website. - Do we need to perform a websocket handshake between the client and the server, that is, to upgrade from http to websocket.
- How do we encrypt or decrypt data on
SslStream.
Could you help me with the source code or links for linking to the source code, since I tried my best to get the information, but could not find it at the moment.
source
share