histsdk/src/AVEVA.Historian.Client/HistorianClientOptions.cs
Joseph Doherty 7502575204 Add HistorianClientOptions.ServerDnsIdentity for cert-binding overrides
When the server cert's CN/SAN doesn't match the URL host (typical for
installer-generated AVEVA Historian certs that claim DNS=localhost
even when reached over a LAN IP), WCF rejects the channel with
"Identity check failed for outgoing message". Set ServerDnsIdentity
to whatever the cert claims (often "localhost") to satisfy the check.
The endpoint address for the cert binding is constructed with a
DnsEndpointIdentity when the option is non-null.

Default null. Pairs with AllowUntrustedServerCertificate so a Linux
client can talk to a self-signed dev Historian over RemoteTcpCertificate.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-04 23:08:33 -04:00


using AVEVA.Historian.Client.Models;
namespace AVEVA.Historian.Client;
/// <summary>
/// Init-only settings for a Historian client connection: endpoint, timeouts,
/// credentials, transport selection and server-certificate handling.
/// </summary>
/// <remarks>
/// Security-relevant members: <see cref="Password"/> is held as a plain string,
/// and <see cref="AllowUntrustedServerCertificate"/> and
/// <see cref="ServerDnsIdentity"/> each relax one part of the server-certificate
/// check. Nothing in this class validates the values it stores.
/// NOTE(review): confirm that the code consuming these options validates them.
/// </remarks>
public sealed class HistorianClientOptions
{
/// <summary>Port used when <see cref="Port"/> is not set explicitly.</summary>
public const int DefaultPort = 32568;
/// <summary>
/// Host of the Historian server. Required: every object initializer must set it.
/// When this is an IP address or a name the server certificate does not claim,
/// see <see cref="ServerDnsIdentity"/>.
/// </summary>
public required string Host { get; init; }
/// <summary>Server port; defaults to <see cref="DefaultPort"/>.</summary>
public int Port { get; init; } = DefaultPort;
/// <summary>
/// Connect timeout; defaults to 5 seconds.
/// NOTE(review): presumably bounds channel establishment; confirm against the consumer.
/// </summary>
public TimeSpan ConnectTimeout { get; init; } = TimeSpan.FromSeconds(5);
/// <summary>
/// Request timeout; defaults to 30 seconds.
/// NOTE(review): presumably applied per request; confirm against the consumer.
/// </summary>
public TimeSpan RequestTimeout { get; init; } = TimeSpan.FromSeconds(30);
/// <summary>
/// User name for the connection; defaults to the empty string.
/// NOTE(review): how this interacts with <see cref="IntegratedSecurity"/> is not
/// visible in this file.
/// </summary>
public string UserName { get; init; } = string.Empty;
/// <summary>
/// Password for <see cref="UserName"/>; defaults to the empty string.
/// </summary>
/// <remarks>
/// Stored as a plain <see cref="string"/>, so it stays readable in memory for the
/// lifetime of this object. Keep instances out of logs, diagnostics dumps and
/// serialized configuration, and load the value from a secret store rather than
/// from source or a checked-in settings file.
/// </remarks>
public string Password { get; init; } = string.Empty;
/// <summary>
/// Integrated-security flag; defaults to false.
/// NOTE(review): presumably selects the caller's OS credentials instead of
/// <see cref="UserName"/>/<see cref="Password"/>; confirm against the consumer.
/// </summary>
public bool IntegratedSecurity { get; init; }
/// <summary>
/// Compression flag; defaults to false. What is compressed is decided by the
/// code that consumes these options.
/// </summary>
public bool Compression { get; init; }
/// <summary>
/// Kind of connection to open; defaults to
/// <see cref="HistorianConnectionKind.Process"/>.
/// </summary>
public HistorianConnectionKind ConnectionKind { get; init; } = HistorianConnectionKind.Process;
/// <summary>
/// Transport used to reach the server; defaults to
/// <see cref="HistorianTransport.LocalPipe"/>. The certificate options on this
/// class only matter for transports that validate a server certificate.
/// </summary>
public HistorianTransport Transport { get; init; } = HistorianTransport.LocalPipe;
/// <summary>
/// Target SPN; defaults to <c>NT SERVICE\aahClientAccessPoint</c>.
/// NOTE(review): presumably the service principal name expected of the server
/// during Windows authentication; confirm against the consumer.
/// </summary>
public string TargetSpn { get; init; } = @"NT SERVICE\aahClientAccessPoint";
/// <summary>
/// When true, the WCF channel factories used by the SDK accept the server's
/// X.509 certificate without chain validation. Useful when connecting to a
/// development / on-prem Historian whose <c>/HistCert</c> endpoint presents an
/// installer-generated self-signed cert that isn't in the local trust store
/// (notably .NET WCF on Linux ignores the system CA bundle for its own
/// X509Chain checks). Default false; do not enable in production where the
/// server's identity matters.
/// </summary>
/// <remarks>
/// With chain validation off, the certificate no longer proves who issued it, so
/// any endpoint that can answer on <see cref="Host"/>:<see cref="Port"/> can
/// present a certificate of its own and be accepted. Everything sent over the
/// channel (presumably including <see cref="UserName"/>/<see cref="Password"/>)
/// is then exposed to that endpoint. Treat this as a development-only switch
/// and drive it from environment-specific configuration, never from a default.
/// </remarks>
public bool AllowUntrustedServerCertificate { get; init; }
/// <summary>
/// Overrides the expected DNS identity in the endpoint address — set this to
/// whatever DNS name the server's certificate actually claims (often
/// <c>localhost</c> on installer-generated AVEVA Historian certificates) when
/// connecting via IP address or a hostname that doesn't match the cert SAN/CN.
/// Without this override WCF rejects the channel with
/// "Identity check failed for outgoing message". Has no effect on transports
/// that don't validate a server certificate.
/// </summary>
/// <remarks>
/// Default is null (no initializer), which leaves the identity check bound to
/// the address being connected to. Setting a value does not switch the check
/// off; it changes the name the certificate is compared with. A name such as
/// <c>localhost</c> is claimed by every installer-generated certificate, so it
/// does not tell one Historian from another. Combined with
/// <see cref="AllowUntrustedServerCertificate"/>, neither the chain nor the name
/// ties the certificate to the intended server, and the server is effectively
/// unauthenticated. Use the pair only against development systems on a trusted
/// network; for anything else, issue the server a certificate whose SAN matches
/// the name clients connect to.
/// </remarks>
public string? ServerDnsIdentity { get; init; }
}