Authentication Server
You can configure the C# SDK itself as a Ditto standard authentication service. The server looks at the incoming credentials to decide whether to let a peer synchronize with the server or not. You provide all of the signing and verifying keys yourself through the SDK, thereby making the resulting JWTs (https://jwt.io/) properly authenticate with Ditto.

Now the web browser peer has a way to log in and sync with Ditto in OnlineWithAuthentication mode, while other devices are in SharedKey mode. In this arrangement, the C# server peer chooses the read and write permissions that each authenticating peer will receive.

After login, if you proceed to sync using the WebSocket transport, be aware that there is no permission control in the reverse direction: the server peer is always granted read/write access to all documents.

Setup

First, you need to create three keys:

1. A signing key in PEM format:

```bash
openssl ecparam -name prime256v1 -genkey -text | openssl pkcs8 -topk8 -nocrypt -out priv.key
```

2. A verifying key in PEM format. This is the public key that matches the signing key:

```bash
openssl ec -in priv.key -pubout -out pub.key
```

3. A shared key (https://legacydocs.ditto.live/csharp/common/security/shared-key-usage)

We will have two small peer Ditto instances running locally:

- One configured as an HTTP listener and identity provider
- One configured as a WebSocket client

Sample code: https://github.com/getditto/samples/tree/master/c-sharp-server

Server code

The server and the other devices can use the SharedKey identity, while a web browser can connect to this C# peer over the LAN and sync.

```csharp
using System;
using DittoSDK;

string appId = "YOUR_APP_ID_HERE";
string verifyingKey = @"-----BEGIN PUBLIC KEY-----
...
-----END PUBLIC KEY-----";
string signingKey = @"-----BEGIN PRIVATE KEY-----
...
-----END PRIVATE KEY-----";
string license = "...";
string sharedKey = "...";

var serverIdentity = DittoIdentity.SharedKey(appId, sharedKey);
var serverDitto = new Ditto(serverIdentity);
serverDitto.DeviceName = "testserver";
serverDitto.SetOfflineOnlyLicenseToken(license);

// Server is an HTTP/WebSocket server only
var serverConfig = new DittoTransportConfig();
serverConfig.Listen.Http.Enabled = true;
serverConfig.Listen.Http.InterfaceIp = "127.0.0.1";
serverConfig.Listen.Http.Port = 45001;
serverConfig.Listen.Http.WebsocketSync = true;
serverConfig.Listen.Http.IdentityProvider = true;
serverConfig.Listen.Http.IdentityProviderSigningKey = signingKey;
serverConfig.Listen.Http.IdentityProviderVerifyingKeys.Add(verifyingKey);
serverDitto.SetTransportConfig(serverConfig);

try
{
    serverDitto.SetOfflineOnlyLicenseToken(license);
    serverDitto.StartSync();
}
catch (DittoException ex)
{
    Console.WriteLine("There was an error starting Ditto.");
    Console.WriteLine("Here's the following error");
    Console.WriteLine(ex.ToString());
    Console.WriteLine("Ditto cannot start sync but don't worry.");
    Console.WriteLine("Ditto will still work as a local database.");
}

// Handle any incoming authentication requests
serverDitto.DittoIdentityProviderAuthenticationRequest += (sender, args) =>
{
    Console.WriteLine("\nGot request:");
    Console.WriteLine(args.ThirdPartyToken);
    Console.WriteLine(args.AppId);

    // "jellybeans" is a fixed demo token; every peer that presents it
    // is logged in as "bob" with full read and write access for one hour.
    if (args.AppId == appId && args.ThirdPartyToken == "jellybeans")
    {
        var success = new DittoAuthenticationSuccess();
        success.AccessExpires = DateTime.Now + new TimeSpan(1, 0, 0);
        success.UserId = "bob";
        success.ReadEverythingPermission = true;
        success.WriteEverythingPermission = true;
        args.Allow(success);
    }
    else
    {
        args.Deny();
    }
};
```

Client code

Integrate this into your web application. Because it's a web browser, only the WebSocket transport is available.

```javascript
import { Ditto, TransportConfig } from '@dittolive/ditto'

const authHandler = {
  authenticationRequired: async function(authenticator) {
    console.log("Login request.");
    await authenticator.loginWithToken("jellybeans", "provider");
  },
  authenticationExpiringSoon: function(authenticator, secondsRemaining) {
    console.log(`Auth token expiring in ${secondsRemaining} seconds`)
  }
}

const identity = {
  type: 'onlineWithAuthentication',
  appID: "YOUR_APP_ID_HERE",
  authHandler: authHandler,
  enableDittoCloudSync: false,
  customAuthURL: "http://127.0.0.1:45001"
}

const ditto = new Ditto(identity, 'ditto')
const config = new TransportConfig()
config.connect.websocketURLs.push('ws://127.0.0.1:45001')
config.enableAllPeerToPeer()
ditto.setTransportConfig(config)
ditto.startSync()
```

Enabling HTTPS

The Ditto authentication server has two modes, selected by the TLS fields of the HTTP listen configuration (https://software.ditto.live/dotnet/Ditto/1.1.10/api-reference/class_ditto_s_d_k_1_1_ditto_http_listen_config.html). If those fields (`TlsKeyPath` and `TlsCertificatePath`) are empty (the default), then Ditto will create an HTTP listener, and you use `http://` and `ws://` URLs in the JavaScript client.

This section will walk you through how to create a self-signed certificate to set up an HTTPS authentication server on your own server or locally for development. Another common way to have HTTPS is to make your application server run HTTP and then use a standard reverse proxy to terminate the TLS, which is not covered by these examples.

For development with HTTPS, you can create a self-signed certificate using openssl:

```bash
openssl req -new -newkey rsa:4096 -x509 -sha256 -days 365 -nodes -out mycertificate.crt -keyout mykey.key
```

```bash
Generating a 4096 bit RSA private key
...+++
...+++
writing new private key to 'mykey.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:PA
Locality Name (eg, city) []:Philadelphia
Organization Name (eg, company) [Internet Widgits Pty Ltd]:MyCompany
Organizational Unit Name (eg, section) []:MyApp
Common Name (e.g. server FQDN or YOUR name) []:127.0.0.1
Email Address []:admin@example.com
```

Update your C# server code

Set `TlsKeyPath` and `TlsCertificatePath` so that they contain paths to a valid TLS key and certificate. Your server will then become an HTTPS listener at the given port.

```csharp
// Server is an HTTP/WebSocket server only
var serverConfig = new DittoTransportConfig();
serverConfig.Listen.Http.Enabled = true;
serverConfig.Listen.Http.InterfaceIp = "127.0.0.1";
serverConfig.Listen.Http.Port = 45001;
serverConfig.Listen.Http.WebsocketSync = true;
serverConfig.Listen.Http.IdentityProvider = true;
serverConfig.Listen.Http.TlsKeyPath = "/path/to/mykey.key";
serverConfig.Listen.Http.TlsCertificatePath = "/path/to/mycertificate.crt";
serverConfig.Listen.Http.IdentityProviderSigningKey = signingKey;
serverConfig.Listen.Http.IdentityProviderVerifyingKeys.Add(verifyingKey);
serverDitto.SetTransportConfig(serverConfig);
```

Update your client code

Now, use `https://` and `wss://` URLs in the client SDK.

```javascript
const identity = {
  type: 'onlineWithAuthentication',
  appID: "YOUR_APP_ID_HERE",
  authHandler: authHandler,
  enableDittoCloudSync: false,
  customAuthURL: "https://127.0.0.1:45001"
}

const ditto = new Ditto(identity, 'ditto')
const config = new TransportConfig()
config.connect.websocketURLs.push('wss://127.0.0.1:45001')
config.enableAllPeerToPeer()
ditto.setTransportConfig(config)
ditto.startSync()
```

Trust the certificate

Visit https://127.0.0.1:45001/_ditto/auth/login and manually go through the steps to accept the certificate in your browser.

Troubleshooting

- If you have a typo in either directory name or path, you'll get `ERR_CONNECTION_REFUSED`.
- If you have it set to the right path but with an untrusted certificate, you'll get `ERR_CERT_INVALID`.
- You get `ERR_SSL_PROTOCOL_ERROR` when the trusted certificate doesn't match the one you're using as the `TlsCertificatePath`.

You can also set up your own DNS record, so you access the host via your chosen common name rather than 127.0.0.1:

- Create a static record on your LAN's DNS server
- Create an entry in the hosts file (https://en.wikipedia.org/wiki/Hosts_%28file%29)
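
The relationship between the signing key and the verifying keys from Setup, as an added example (not code from this page or from the Ditto SDK): a JWT signed with a P-256 private key is accepted only by a verifier holding the matching public key. The helper names `makeKeyPair`, `signJwt` and `verifyJwt` and the claim set are hypothetical, and ES256 is assumed from the prime256v1 curve; Ditto's actual token format is not shown on this page.

```javascript
// Added example, not Ditto SDK code: ES256 JWT signing and verification.
const nodeCrypto = require('crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');

// Same curve as `openssl ecparam -name prime256v1`, PEM-encoded as PKCS#8 / SPKI.
function makeKeyPair() {
  return nodeCrypto.generateKeyPairSync('ec', {
    namedCurve: 'prime256v1',
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
    publicKeyEncoding: { type: 'spki', format: 'pem' },
  });
}

function signJwt(claims, signingKeyPem) {
  const header = b64url(JSON.stringify({ alg: 'ES256', typ: 'JWT' }));
  const input = `${header}.${b64url(JSON.stringify(claims))}`;
  // JWS carries the raw r||s signature (IEEE P1363), not DER.
  const sig = nodeCrypto.sign('sha256', Buffer.from(input),
    { key: signingKeyPem, dsaEncoding: 'ieee-p1363' });
  return `${input}.${b64url(sig)}`;
}

// Returns the claims if one of the verifying keys accepts the token, else null.
function verifyJwt(token, verifyingKeyPems, nowSeconds) {
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  const [header, payload, sig] = parts;
  try {
    const head = JSON.parse(Buffer.from(header, 'base64url').toString());
    if (head.alg !== 'ES256') return null; // pin the algorithm, ignore header choice
    const valid = verifyingKeyPems.some((pem) => nodeCrypto.verify('sha256',
      Buffer.from(`${header}.${payload}`),
      { key: pem, dsaEncoding: 'ieee-p1363' }, Buffer.from(sig, 'base64url')));
    if (!valid) return null;
    const claims = JSON.parse(Buffer.from(payload, 'base64url').toString());
    if (typeof claims.exp !== 'number' || claims.exp <= nowSeconds) return null;
    return claims;
  } catch {
    return null; // malformed token or unusable key
  }
}

// Constructed demo values; the claim set is hypothetical.
const server = makeKeyPair();
const unrelated = makeKeyPair();
const now = 1700000000;
const token = signJwt({ sub: 'bob', exp: now + 3600 }, server.privateKey);
console.log(verifyJwt(token, [server.publicKey], now));
console.log(verifyJwt(token, [unrelated.publicKey], now));
```

The second call returns `null`: a verifying key generated independently of the signing key cannot validate the tokens the server issues.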