Configuring .NET Clients to Use TLS with InterSystems IRIS
You can configure a .NET client application to use TLS when it communicates with InterSystems IRIS® data platform. This communication occurs through the superserver, so a related required step is setting up the superserver to use TLS; the process of creating or editing a configuration generally is described in Create or Edit a TLS Configuration and that of setting up a superserver to use TLS is described specifically in Configuring the InterSystems IRIS Superserver to Use TLS.
The process for establishing a .NET connection that uses TLS is:
Ensure that you have installed any relevant CA certificates for verifying the server certificate. The location for these is the current user’s certificate store (Certificates – Current User\Trusted Root Certification Authorities).
Establish a connection to a server, based on the format of the connection string as described in the Creating a Connection section of “Connecting to the InterSystems Database”. In addition to the name-value pairs for the server, port, and namespace, include the SSL keyword and specify its value as true. For example, a connection that uses TLS protection might have a connection string of the form:
IrisConnect.ConnectionString = "Server=localhost; Port=1972; Namespace=TESTNAMESPACE; SSL=true;" + "Password=SYS; User ID=_SYSTEM;";Copy code to clipboard
The true value of the SSL keyword specifies that TLS secures the client-server connection (by authenticating the InterSystems IRIS server to the .NET client and, optionally, authenticating the client to the server). Once the secure connection is established, the InterSystems IRIS server uses the User ID and Password keywords to authenticate the identity of the user connecting through the .NET client. (Note that the connection string does not specify anything related to mutual authentication; it merely specifies a server, which in turn may request or require client authentication.)