使用 MQTTnet 存取遠端 mosquitto Broker with username

前言

在前一篇 使用 MQTTnet 匿名存取遠端 mosquitto Broker 設定 mosquitto 的 listener 1883 及 allow_anonymous true 讓它允許匿名遠端存取。
為了安全性，連線時應該要使用帳/密驗證，
所以本文介紹如何設定 mosquitto Broker ，
讓它可以透過使用者帳號及密碼驗證才能連線。

實作

要設定 mosquitto 使用帳/密驗證，
調整如下，

1.建立 password file 檔案
例如 pwdfile.txt，新增帳號及密碼，使用 : 分隔，先建立一個帳/密資料，如下，

mqttuser:p@ssw0rD

2.使用 mosquitto_passwd.exe
使用 mosquitto 管理帳/密檔案的工具(mosquitto_passwd.exe)，
來將帳/密檔中的密碼轉成 Hash 值，

mosquitto_passwd.exe -U pwdfile.txt

3.設定 mosquitto.conf
在 mosquitto.conf 中
3.1.將 allow_anonymous 設定成 false
3.2.將 per_listener_settings 設定成 true
3.3.設定 password_file ，後面接 實體檔案路徑

per_listener_settings true
allow_anonymous false
password_file C:\Program Files\mosquitto\pwdfile.txt

4.重新啟動 mosquitto 服務
如果可以正常重新啟動，沒有錯誤表示設定沒有問題。

5.修改 MQControlCenter 專案
使用 MQTTnet 套件的 MQControlCenter 專案還是可以連接 mosquitto broker，
因為 mosquitto broker 需要帳/密驗證，
所以在建立 MqttClientOptionsBuilder 時，
需要加上 WithCredentials 設定帳/密。

using MQTTnet.Client;
using MQTTnet.Extensions.ManagedClient;
using MQTTnet;
using System.Text.Json;
using static System.Console;
using System.Text;
using MQTTnet.Packets;

var _mqttClient = new MqttFactory().CreateManagedMqttClient();

var clientId = "controlCenter";

WriteLine("請輸入 MQTT Broker Server :");
var server = ReadLine();
if (string.IsNullOrWhiteSpace(server))
{
    server = "localhost";
}
WriteLine("請輸入連線帳密(例 mqttuser/p@ssw0rD):");
var userAndPwd = ReadLine();
if (string.IsNullOrWhiteSpace(userAndPwd))
{
    userAndPwd = "mqttuser/p@ssw0rD";
}
var userNpwd = userAndPwd.Split('/', StringSplitOptions.RemoveEmptyEntries);
var builder = new MqttClientOptionsBuilder()
                .WithClientId(clientId)
                .WithTcpServer(server)
                .WithCredentials(userNpwd[0], userNpwd[1]);

var options = new ManagedMqttClientOptionsBuilder()
                    .WithAutoReconnectDelay(TimeSpan.FromSeconds(60))
                    .WithClientOptions(builder.Build())
                    .Build();
// Set up handlers
_mqttClient.ConnectedAsync += _mqttClient_ConnectedAsync;
_mqttClient.DisconnectedAsync += _mqttClient_DisconnectedAsync;
_mqttClient.ConnectingFailedAsync += _mqttClient_ConnectingFailedAsync;
_mqttClient.ApplicationMessageReceivedAsync += _mqttClient_ApplicationMessageReceivedAsync;

var topicFilters = new List<MqttTopicFilter> { new MqttTopicFilter { Topic= "home/temperature/#" } };
await _mqttClient.SubscribeAsync(topicFilters);

WriteLine($"{clientId} 連線到 MQTT Broker ({server}) ....");
await _mqttClient.StartAsync(options);
WriteLine("Press any key to stop receive message ...");
ReadKey();

Task _mqttClient_ConnectedAsync(MqttClientConnectedEventArgs arg)
{
    WriteLine("Connected");
    return Task.CompletedTask;
};
Task _mqttClient_DisconnectedAsync(MqttClientDisconnectedEventArgs arg)
{
    WriteLine("Disconnected");
    return Task.CompletedTask;
};
Task _mqttClient_ConnectingFailedAsync(ConnectingFailedEventArgs arg)
{
    WriteLine("Connection failed check network or broker!");
    return Task.CompletedTask;
}

Task _mqttClient_ApplicationMessageReceivedAsync(MqttApplicationMessageReceivedEventArgs arg)
{
    var topic = arg?.ApplicationMessage?.Topic;
    var payloadText = Encoding.UTF8.GetString(
            arg?.ApplicationMessage?.Payload ?? Array.Empty<byte>());

    WriteLine($"Received: Topic:{topic}, Payload:{payloadText}");
    return Task.CompletedTask;
}

而在原本透過 mosquitto_pub.exe 發送訊息，也是需要加上設定帳/密才可以發送哦~

mosquitto_pub -t "home/temperature/sensor3" -m "message from azure vm sensor3" -u mqttuser -P p@ssw0rD
mosquitto_pub -t "home/temperature/sensor1" -m "message from azure vm with username/pwd" -u mqttuser -P p@ssw0rD

測試結果如下，

參考資源

Mosquitto Username and Password Authentication
How to Install The Mosquitto MQTT Broker on Windows