Add example for ALPN usage. (#8487)

* Add example for ALPN usage.

* Fix compilation

* Apply suggestions from code review

Co-authored-by: Ahmet Ibrahim AKSOY <[email protected]>

* Apply suggestions from code review

Co-authored-by: Anton Firszov <[email protected]>

Co-authored-by: Ahmet Ibrahim AKSOY <[email protected]>
Co-authored-by: Anton Firszov <[email protected]>

Author: 3 people

snippets/csharp/System.Net.Security/ALPN/Project.csproj

@@ -0,0 +1,8 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <OutputType>Exe</OutputType>
+    <TargetFrameworks>net6.0</TargetFrameworks>
+  </PropertyGroup>
+   
+</Project>

snippets/csharp/System.Net.Security/ALPN/alpn.cs

@@ -0,0 +1,74 @@
+using System.Collections.Generic;
+using System.Net;
+using System.Net.Security;
+using System.Net.Sockets;
+using System.Security.Cryptography.X509Certificates;
+using System.Text;
+using System.Threading.Tasks;
+
+async Task RunServer()
+{
+    using X509Certificate2 serverCertificate = new("contoso.com.pfx", "testcertificate");
+
+
+    var listener = new TcpListener(IPAddress.Loopback, 5004);
+    listener.Start();
+    using var server = await listener.AcceptTcpClientAsync();
+    listener.Stop();
+
+    await Server(server.GetStream(), serverCertificate);
+}
+
+async Task RunClient()
+{
+    using var client = new TcpClient();
+
+    await client.ConnectAsync(new IPEndPoint(IPAddress.Loopback, 5004));
+
+    await Client(client.GetStream(), "testserver.contoso.com");
+}
+
+//<snippet>
+async Task Server(NetworkStream stream, X509Certificate2 serverCertificate)
+{
+    using var server = new SslStream(stream);
+
+    await server.AuthenticateAsServerAsync(new SslServerAuthenticationOptions
+    {
+        ServerCertificate = serverCertificate,
+        ApplicationProtocols = new()
+        {
+            new("protocol1"),
+            new("protocol2"),
+        }
+    });
+
+    string protocol = Encoding.ASCII.GetString(server.NegotiatedApplicationProtocol.Protocol.Span);
+    System.Console.WriteLine($"Server - negotiated protocol: {protocol}");
+}
+
+async Task Client(NetworkStream stream, string hostName)
+{
+    using var client = new SslStream(stream);
+
+    await client.AuthenticateAsClientAsync(new SslClientAuthenticationOptions
+    {
+        // the host name must match the name on the certificate used on the server side
+        TargetHost = hostName,
+        ApplicationProtocols = new()
+        {
+            new("protocol2"),
+            new("protocol3")
+        }
+    });
+
+    string protocol = Encoding.ASCII.GetString(client.NegotiatedApplicationProtocol.Protocol.Span);
+    System.Console.WriteLine($"Client - negotiated protocol: {protocol}");
+}
+
+// possible output:
+//   Server - negotiated protocol: protocol2
+//   Client - negotiated protocol: protocol2
+//</snippet>
+
+await Task.WhenAll(RunClient(), RunServer());

snippets/visualbasic/System.Net.Security/ALPN/Project.vbproj

@@ -0,0 +1,8 @@
+<Project Sdk="Microsoft.NET.Sdk">
+
+  <PropertyGroup>
+    <OutputType>Exe</OutputType>
+    <TargetFrameworks>net6.0</TargetFrameworks>
+  </PropertyGroup>
+
+</Project>

snippets/visualbasic/System.Net.Security/ALPN/alpn.vb

@@ -0,0 +1,73 @@
+Imports System.Net
+Imports System.Net.Security
+Imports System.Net.Sockets
+Imports System.Security.Cryptography.X509Certificates
+Imports System.Text
+
+Module MainModule
+    Async Function RunServer() As Task
+        Using serverCertificate As X509Certificate2 = New X509Certificate2("contoso.com.pfx", "testcertificate")
+            Dim listener as New TcpListener(IPAddress.Loopback, 5004)
+            listener.Start()
+            Using tcpServer As TcpClient = Await listener.AcceptTcpClientAsync()
+                listener.Stop()
+                Await Server(tcpServer.GetStream(), serverCertificate)
+            End Using
+        End Using
+    End Function
+
+    Async Function RunClient() As Task
+        Using tcpClient as TcpClient = New TcpClient()
+            Await tcpClient.ConnectAsync(new IPEndPoint(IPAddress.Loopback, 5004))
+            Await Client(tcpClient.GetStream(), "testserver.contoso.com")
+        End Using
+    End Function
+
+    '<snippet>
+    Async Function Server(stream As NetworkStream, serverCertificate As X509Certificate2) As Task
+        Using serverStream As SslStream = new SslStream(stream)
+            Dim options as New SslServerAuthenticationOptions() With
+            {
+                .ServerCertificate = serverCertificate,
+                .ApplicationProtocols = New List(Of SslApplicationProtocol) From
+                {
+                    New SslApplicationProtocol("protocol1"),
+                    New SslApplicationProtocol("protocol2")
+                }
+            }
+            Await serverStream.AuthenticateAsServerAsync(options)
+
+            Dim protocol As String = Encoding.ASCII.GetString(
+                serverStream.NegotiatedApplicationProtocol.Protocol.Span)
+            System.Console.WriteLine($"Server - negotiated protocol: {protocol}")
+        End Using
+    End Function
+
+    Async Function Client(stream As NetworkStream, hostName As String ) As Task
+        Using clientStream As SslStream = new SslStream(stream)
+            Dim options as New SslClientAuthenticationOptions() With
+            {
+                .TargetHost = hostName,
+                .ApplicationProtocols = New List(Of SslApplicationProtocol) From
+                {
+                    New SslApplicationProtocol("protocol2"),
+                    New SslApplicationProtocol("protocol3")
+                }
+            }
+            Await clientStream.AuthenticateAsClientAsync(options)
+
+            Dim protocol As String = Encoding.ASCII.GetString(
+                clientStream.NegotiatedApplicationProtocol.Protocol.Span)
+            System.Console.WriteLine($"Client - negotiated protocol: {protocol}")
+        End Using
+    End Function
+
+    ' possible output:
+    '   Server - negotiated protocol: protocol2
+    '   Client - negotiated protocol: protocol2
+    '</snippet>
+
+    Sub Main()
+        Task.WhenAll(RunClient(), RunServer()).GetAwaiter().GetResult()
+    End Sub
+End Module

xml/System.Net.Security/SslApplicationProtocol.xml

@@ -48,6 +48,13 @@ This type contains static fields with predefined <xref:System.Net.Security.SslAp
 During the handshake, the client sends a list of available ALPN protocols and the server chooses the best match from that list. 
 
 For a complete list of supported protocols, see [TLS Application-Layer Protocol Negotiation (ALPN) Protocol IDs](https://www.iana.org/assignments/tls-extensiontype-values/tls-extensiontype-values.xhtml#alpn-protocol-ids).
+
+## Examples
+
+The following code example demonstrates negotiation of the application-level protocol on <xref:System.Net.Security.SslStream>. The server advertises support for `protocol1` and `protocol2`. The client advertises support for `protocol2` and `protocol3`. The commonly supported protocol (`protocol2`) gets negotiated during the handshake.
+
+ :::code language="csharp" source="~/snippets/csharp/System.Net.Security/ALPN/alpn.cs" id="snippet":::
+ :::code language="vb" source="~/snippets/visualbasic/System.Net.Security/ALPN/alpn.vb" id="snippet":::
     
  ]]></format>
     </remarks>