0

When using C# and TCP, what is the best approach to let a client identify himself using a username and password and then allow multiple packets to be sent from the server to the client and from the client to the server without sending the username & password each time? Thread for each user? Token that's sent with each packet?

Also, how to make sure that only the client is able to read the data that the server is sending & vice versa? Just using SSLStream?

Eli_Rozen
  • 1,301
  • 4
  • 20
  • 31
  • 1
    There are no "packets" in TCP. It's basically a continuous stream of bytes. So once the user has authenticated, the whole connection is authenticated (assuming you use SSL or the like to prevent spoofing and eavesdropping, which are actually pretty rare anyway). – cHao Jan 04 '14 at 20:25
  • Yeah, I understand that, but how to make that: user sends a request with username and password -> server approves and "asks" the client questions, (like "what data do you have?") -> client responds to the server and I can trust that client, without needing to send the username & password each time? – Eli_Rozen Jan 04 '14 at 20:28
  • You can never *fully* trust the client. But for the life of the TCP connection, you can be reasonably confident that the client you're talking to is the one that authenticated at the start of the connection. Much more so if you use SSL. – cHao Jan 04 '14 at 20:30

1 Answers1

1

You are too low-level. What you need is an application protocol on top of TCP that supports authentication. One of the options may be HTTP. When working with .NET, the commonly used approach is leveraging WCF (Windows Communication Foundation). You can build a WCF service that will require authentication, such as “username and password” as you mention, while still being flexible about what underlying means of communication are used (e.g. SOAP and HTTP, or plain TCP and WCF's custom binary protocol, etc.).

Ondrej Tucny
  • 27,626
  • 6
  • 70
  • 90
  • So if I want to build a service for syncing user's data between multiple platforms, WCF is a good solution? – Eli_Rozen Jan 04 '14 at 20:38
  • Yes. WCF supports many web services standards that are interoperable among platforms. The learning curve is quite steep (especially in respect to WCF's XML configuration), but generally it's worth leveraging it. It is *definitely* better than inventing your own application protocol and trying to make it secure. – Ondrej Tucny Jan 04 '14 at 21:10
  • Thanks for the help. You just introduced me into a whole new world and probably saved my a lot of headache and time. – Eli_Rozen Jan 04 '14 at 21:12