Web-based frontend using SvelteKit and Material frameworks.
This is a simple wrapper around the iron-remote-gui Web Component demonstrating how to use the API.
Note that this demonstration client is not intended to be used in production as-is. Devolutions is shipping well-integrated, production-ready IronRDP web clients as part of:
- Devolutions Gateway’s Standalone Web Interface which is a completely free product (shipped since v2024.1.0).
- Devolutions Server, our self-hosted credential manager.
- Devolutions Hub, our cloud-based credential manager.
- A Devolutions Gateway with network access to this machine up and running
- A token signed using the provisioner key configured on the Devolutions Gateway
The IronRDP web client is relying on an extension to the RDP protocol ("RDCleanPath"). This enables us to avoid the redundant TLS layer, or "TLS-in-TLS" problem found in other RDP web clients. This redundant TLS layer is typically required to circumvent the restriction imposed by web browsers. Indeed, it’s not possible to open a plain TCP socket using the API provided by web browsers. Instead, we need a middleware service to unpack the WebSocket payload and forward it over a plain TCP transport. Other web clients are using a Secure WebSocket transport (WebSocket over TLS) to communicate with the middleware, and inside this secure transport another protocol-level, extra TLS transport is opened. With our extension, the middleware service inspects the RDP handshake and perform the TLS upgrade on its end, removing the need for the redundant client-side TLS encryption. The extension is supported by the Devolutions Gateway (v2023.1.1 and later).
You need to install and configure it in order to use the web client. You can follow the instructions found on the dedicated repository.
You will need to generate a key pair, that we call the "provisioner" key pair.
You can generate an RSA key pair using openssl by running the following commands:
$ openssl genrsa -out provisioner.key 2048
$ openssl rsa -in provisioner.key -outform PEM -pubout -out provisioner.pemWhere provisioner.key is the private part and provisioner.pem the public counterpart.
The public one must be installed on the Devolutions Gateway.
Once installed, you can optionally modify the gateway.json config file to add the following debug option:
{
// -- snip -- //
"__debug__": {
"disable_token_validation": true
}
}That way, you can later reuse the same token multiple times (convenient at development time).
Make sure to start or restart the service before proceeding further.
The most straightforward way of generating a token if you don’t have a Rust toolchain installed is the PowerShell package.
$ Install-Module -Name DevolutionsGatewayYou can then run the following:
$ New-DGatewayToken -Type ASSOCIATION -PrivateKeyFile <PRIVATE KEY PATH> -DestinationHost <TARGET HOST> -ApplicationProtocol rdpIf you have a Rust toolchain available, you can use the tokengen tool found in Devolutions Gateway repository.
First, run npm install in the iron-remote-gui folder, and then npm install in iron-svelte-client folder.
You can then start the dev server with either:
npm run dev- Runs only the final application.npm run dev-all- Builds WASM module andiron-remote-guiprior to starting the dev server.npm run dev-no-wasm- Only buildsiron-remote-guiprior to starting the dev server.
You can build distribution files with npm run build.
Files are to be found in ./iron-svelte-client/build/browser.
This crate is part of the IronRDP project.