.NET client security examples

Review the .NET client security examples to learn what configuration properties you have to set when connecting to secured or unsecured clusters.

The following code snippets give you a few simple examples on what configuration properties you need to set for your Kafka clients when connecting them to either secured or unsecured Kafka clusters. Use the following examples as a starting point and make changes as necessary.

Unsecure

var producerConfig = new ProducerConfig
{
   BootstrapServers = "***BROKER HOST***:***PORT***"
};

SSL

var producerConfig = new ProducerConfig
{
   BootstrapServers = "***BROKER HOST***:***PORT***",
   SecurityProtocol = SecurityProtocol.Ssl,
   SslCaLocation = "***PATH TO BROKER CA CERTIFICATE***",
   SslKeystoreLocation = "***KEYSTORE LOCATION***", // client’s keystore, pkcs12 format
   SslKeystorePassword = "***KEYSTORE PASSWORD***” // client’s keystore password
 };

PLAIN (LDAP, PAM, and others)

var producerConfig = new ProducerConfig
{
   BootstrapServers = "***BROKER HOST***:***PORT***",
   SecurityProtocol = SecurityProtocol.SaslSsl,
   SaslMechanism = SaslMechanism.Plain,
   SslCaLocation = "***PATH TO BROKER CA CERTIFICATE***",
   SaslUsername = "***USERNAME***",
   SaslPassword = "***PASSWORD***" 
};

Kerberos

var producerConfig = new ProducerConfig
{
   BootstrapServers = "***BROKER HOST***:***PORT***",
   SecurityProtocol = SecurityProtocol.Sasl,
   SaslMechanism = SaslMechanism.Gssapi,
   SaslKerberosServiceName = "kafka"   
};

Schema Registry

Review the .NET client security examples to learn what configuration properties you have to set when connecting to secured or unsecured clusters.

The following code snippets give you a few simple examples on what configuration properties you need to set for your Schema Registry clients when connecting them to either secured or unsecured Schema Registry. Use the following examples as a starting point and make changes as necessary.
Unsecure
var schemaRegistryConfig = new SchemaRegistryConfig {
    Url = "http://***SCHEMA REGISTRY HOST***:***PORT***/api/v1"
};
SSL/Mutual TLS
var schemaRegistryConfig = new SchemaRegistryConfig {
    Url = "https://***SCHEMA REGISTRY HOST***:***PORT***/api/v1",
    SslCaLocation = "***PATH TO SCHEMA REGISTRY CA CERTIFICATE***",
    SslKeystoreLocation = "***KEYSTORE LOCATION***",
    SslKeystorePassword = "***KEYSTORE PASSWORD***"
};
PLAIN/Knox authentication
var schemaRegistryConfig = new SchemaRegistryConfig {
    Url = "https://***SCHEMA REGISTRY HOST***:***PORT***/api/v1",
    SslCaLocation = "***PATH TO SCHEMA REGISTRY CA CERTIFICATE***",
    BasicAuthCredentialsSource = AuthCredentialsSource.UserInfo,
    BasicAuthUserInfo = "***USERNAME***:***PASSWORD***"
};